US legalizes spying on its own people

US legalizes spying on its own people

 

 

 

 

 

In the wake of two separate and back-to-back revelations that the US National Security Agency (NSA) and the Federal Bureaus of Investigation (FBI) are spying on millions of Americans, officials are now engaged in a damage control campaign.

They are seeking to determine how the lid has been blown off two super-secret telephone and the Internet spying programs of the American government.

To quell the uproar over spying, government officials launched an aggressive justification of the previously undisclosed programs shortly after the disclosures.

The US spy chief said the programs are legal. Director of National Intelligence James Clapper has stressed that the Congress had “fully debated” it and that it was recently reauthorized under Section 702 of the Foreign Intelligence Surveillance Act.

A day before Clapper's comments, US President Barack Obama rushed to the defense of the top-secret programs saying, “They help us prevent terrorist attacks” despite their “modest encroachments on privacy.”

He condemned the “hype” over the massive NSA and FBI spying on Americans’ phone records and internet communications. Moreover, in order to ease concerns over the erosion of civil liberties, he said, “Nobody is listening to your telephone calls” or “reading the e-mails” of American people.

The first disclosure came on Thursday when the British newspaper The Guardian published a top secret court document, issued in April, under which the US government has been furtively collecting phone records of millions of Americans who are customers of Verizon, one of America's largest telecommunications provider companies. The program is called Foreign Intelligence Surveillance Act or FISA.

The order compels Verizon to give the NSA “all call detail records or ‘telephony metadata’ created by Verizon for communications (i) between the United States and abroad; or (ii) wholly within the United States, including local telephone calls.”

But what is metadata? Washington Times provides further details about the term. “Such metadata include the calling and receiving phone numbers, the time of day and length of the call, and the whereabouts of the two parties.”

The paper quotes Stephen B. Wicker, a professor of electrical and computer engineering at Cornell University as saying, “The metadata available is now so fine-grained that it reveals where we’re going, what we’re doing, what our preferences and beliefs might be and who our friends are.”

The man behind the disclosures, the 29-year old Edward Snowden, is a former CIA employee working at the NSA. He said he leaked documents because he felt the US is building an unaccountable and secret espionage machine that spied on every American.

Despite Obama’s reassurance that nobody is reading the e-mails of American people, Mr. Wicker depicts a very different picture. He said using analytical software, the NSA could use mobile phones' metadata over time to paint a picture of where their users went, who they talked to and what their habits were.

Hours later after the revelation on FISA, came the second leak, this time by The Washington Post. It divulged the Internet spying program or “PRISM”. It’s a 6-year-old program designed to rake in vast amounts of data, from emails to chat records.

The program allowed the NSA and FBI to gain access as much as possible to the servers of major U.S. Internet companies such as Google, Apple, Microsoft, Facebook and AOL.

Like the phone-records program, PRISM was approved by a judge in a secret court order. Unlike that program and contrary to Obama’s assertion that “nobody is reading the e-mails of American people,” PRISM allowed the government to seize actual conversations: emails, video chats, instant messages and more.

Scope of phone and Internet surveillance has caused alarm among privacy advocates with some observers suggesting that it is only the tip of the iceberg. A former NSA official has staggering figures.

William Binney estimates that the agency has data on as many as 20 trillion phone calls and emails by US citizens. According to Washington Times, Binney says the collection dates back to when the super-secret agency began domestic surveillance after the Sept. 11 attacks.

In July 2008, Larry Chin wrote an article for the Global Research website predicting the events of past few days. “It gives the US government unprecedented new spying powers and sweeping new legal cover for spying that goes well beyond even the original FISA law - which itself was an abomination that already permitted the US president broad surveillance powers.”

PRISM was initially established under former US President George W. Bush in 2007. The program however has grown exponentially during Barack Obama's administration, just as other similar programs have including the National Defense Authorization Act (NDAA) which gives the government the power to arrest indefinitely American citizens to without habeas corpus for mere suspicions of ties to terrorism.

Michel Chossudovsky of Global Research says Obama “justifies the signing of the NDAA as a means to combating terrorism, as part of a counter-terrorism agenda. But in substance, any American opposed to the policies of the US government can - under the provisions of the NDAA - be labeled a “suspected terrorist” and arrested under military detention.”

Chossudovsky adds: “The signing of NDAA (HR 1540) into law is tantamount to the militarization of law enforcement, the repeal of the Posse Comitatus Act and the Inauguration in 2012 of Police State USA.”

DB/KA

Dariush Bavar is a commentator and political analyst.

Congress members denied access to information about NSA

Congress members denied access to information about NSA

Members of US Congress are blocked from supervising the National Security Agency’s surveillance programs, new documents reveal.

Documents provided by two House members demonstrate that American lawmakers have been repeatedly thwarted when attempting to learn basic information about the NSA and the secret FISA court which authorizes its activities, The Guardian reports.

The Obama administration and the NSA claim that Congress members were aware of the agency’s disclosed spying programs.

"These programs are subject to congressional oversight and congressional reauthorization and congressional debate," President Barack Obama said the day after the programs were leaked in June. "And if there are members of Congress who feel differently, then they should speak up."

On Wednesday night, Sen. Richard Blumenthal (D-Ct) told MSNBC that “the revelations about the magnitude, the scope and scale of these surveillances, the metadata and the invasive actions surveillance of social media Web sites were indeed revelations to me."

Former NSA contractor Edward Snowden revealed in June that the super spy agency is collecting phone records of Americans and the Internet data of Americans and foreign nationals.

According to The Guardian, two House members, GOP Rep. Morgan Griffith of Virginia and Democratic Rep. Alan Grayson of Florida, have so far failed in their efforts to learn about NSA programs and relevant FISA court rulings.

"If I can't get basic information about these programs, then I'm not able to do my job", the British newspaper quoted Rep. Griffith as saying.

He said his job includes "making decisions about whether these programs should be funded, but also an oath to safeguard the Constitution and the Bill of Rights, which includes the Fourth Amendment."

Despite their efforts to find a response from authorities, neither Griffith nor Grayson has received any of the documents they requested, The Guardian said.

ARA/ARA

What we do, what they know

 

Editor's Blog

What we do, what they know

Even primitive humans left data trails in the form of footsteps, campfires, and arrowheads. But in the digital age, we are constantly generating data. Search engines and advertisers tap it. So does the National Security Agency. Convenience and security are the upside. Loss of privacy is the downside.

By John Yemma, Editor / August 11, 2013

Commuters (and data sources) moved through lower Manhattan last spring.

  

The footprints and arrowheads left by Stone Age ancestors are data from which archaeologists piece together the prehistoric world. That was little data. Digital Age humans generate big data.

IBM estimates that 90 percent of the data in the world has been created in the past two years alone. The data flows from tweets, GPS signals, online searches, security cameras, and on and on. When all that data is vacuumed up and analyzed, it can produce insights into everything from retail marketing to crime fighting, electricity management to public health. In a Monitor cover story, Robert Lehrman delves into the benefits and costs of Big Data.

Along with the efficiencies and clever new applications that Big Data has yielded come big concerns about privacy. As science historian George Dyson noted in a recent article published in Edge.org, “If Google has taught us anything, it is that if you simply capture enough links, over time, you can establish meaning, follow ideas, and reconstruct someone’s thoughts. It is only a short step from suggesting what a target may be thinking now, to suggesting what that target may be thinking next.”

Even if you scrub all the cookies from your browser, ditch your cellphone, steer clear of social media, microwave your modem, and relocate to Walden Pond – just by being an earthling you’ll still leave a data trail. You’ll need to shop for food – or at least for seed to grow your own. Security cameras will see you, and the cash register will record your purchase. Selling any of that produce to buy shoes? Unless you’re a scofflaw, you have to pay taxes (more data). And you’re not going to stop phoning Mom and Dad, are you? Even a pay phone generates a call record.

Few people opt for the hermit lifestyle. Cellphones, computers, credit cards, and other conveniences are useful, even essential. So most of us make a mental bargain. We assume there’s a data trail and that for the most part it is nothing to worry about. Those security cameras deter crime. Those cookie-generated behavioral ads on the Internet may seem a little too familiar at times, but we’re adept at tuning out ads.

Even as Edward Snowden’s revelations of the scope of spying by the National Security Agency have boosted Americans’ concerns about privacy, according to recent opinion polls, there has not been a groundswell against the practice – perhaps because of continued concern about potential terrorism, perhaps a sense that only bad guys need worry.

But history shows that intelligence assets aimed at foreign threats can be employed domestically (see Cointelpro, Watergate, post-2001 warrantless surveillance – and far more egregious examples in other countries). Nor is it hard to imagine a mid-level employee in a government agency or private company (e.g., Mr. Snowden or Pfc. Bradley Manning) snooping out of curiosity or as a self-appointed whistle-blower. And ongoing phishing, spamming, and hacking problems on the Internet are a reminder that data hijackers are plentiful.

Here’s an easy prediction: Big Data is only going to get bigger. Every year, more sensors will produce more signals that will be more quickly analyzed. This will lead to more convenience. And more concern. Mr. Dyson – whose physicist father, Freeman Dyson, grappled with wondrous but fraught technologies such as nuclear energy – sums up the Big Data revolution this way: “Yes, we need big data, and big algorithms – but beware.”

John Yemma
Editor, The Christian Science Monitor
John Yemma is Editor of The Christian Science Monitor, which publishes international news and analysis at CSMonitor.com, in the Monitor Weekly newsmagazine, and in an email-delivered Daily News Briefing. He can be reached at editor@csmonitor.com.

Related stories

• Russia seeking Snowden's help on data security
• Extradition: How will the US get Edward Snowden out of Hong Kong? (+video)
• Decoder Wire Is US public rallying around Edward Snowden? (+video)

NSA: THE DECISION PROBLEM

Edge.org

To arrive at the edge of the world's knowledge, seek out the most complex and sophisticated minds, put them in a room together, and have them ask each other the questions they are asking themselves.

NSA: THE DECISION PROBLEM

George Dyson [7.27.13]

Topic:

Conversations

 

The ultimate goal of signals intelligence and analysis is to learn not only what is being said, and what is being done, but what is being thought. With the proliferation of search engines that directly track the links between individual human minds and the words, images, and ideas that both characterize and increasingly constitute their thoughts, this goal appears within reach at last. "But, how can the machine know what I think?" you ask. It does not need to know what you think—no more than one person ever really knows what another person thinks. A reasonable guess at what you are thinking is good enough.

GEORGE DYSON, Science Historian, is the author of Turing's Cathedral: The Origins of the Digital Universe, and Darwin Among the Machines.

[ED. NOTE: George Dyson's piece was commissioned by Frank Schirrmacher, co-publisher of the national German newspaper Frankfurter Allgemeine Zeitung (FAZ), where he is Editor of the Feuilleton, cultural and science pages of the paper. First published by FAZ on July 26, 2013.]

THE REALITY CLUB: Nicholas Carr, George Dyson

NSA: THE DECISION PROBLEM

Shortly after noon, local time, on 19 August 1960, over the North Pacific Ocean near Hawaii, a metal capsule about the size and shape of a large kitchen sink fell out of the sky from low earth orbit and drifted by parachute toward the earth. It was snagged in mid-air, on the third pass, by a C-119 "flying boxcar" transport aircraft from Hickam Air Force base in Honolulu, and then transferred to Moffett Field Naval Air Station, in Mountain View, California—where Google's fleet of private jets now sit parked. Inside the capsule was 3000 feet of 70mm Kodak film, recording seven orbital passes over 1,650,000 square miles of Soviet territory that was closed to all overflights at the time.

This spectacular intelligence coup was preceded by 13 failed attempts. Secrecy all too often conceals waste and failure within government programs; in this case, secrecy was essential to success. Any reasonable politician, facing the taxpayers, would have canceled the Corona orbital reconnaissance program after the eleventh or twelfth unsuccessful launch.

The Corona program, a joint venture between the CIA, the NSA, and the Department of Defense, was coordinated by the Advanced Research Projects Agency (ARPA) and continued, under absolute secrecy, for 12 more years and 126 more missions, becoming the most productive intelligence operation of the Cold War. "It was as if an enormous floodlight had been turned on in a darkened warehouse," observed former CIA program director Albert D. Wheelon, after the operation was declassified by order of President Clinton in 1995. "The Corona data quickly assumed the decisive role that the Enigma intercepts had played in World War II."

The resources and expertise that were gathered to support the Corona program, operating under cover of a number of companies and institutions centered around Sunnyvale, California (including Fairchild, Lockheed, and the Stanford Industrial Park) helped produce the Silicon Valley of today. Google Earth is Corona's direct descendant, and it is a fact as remarkable as the fall of the Berlin wall that anyone, anywhere in the world, can freely access satellite imagery whose very existence was a closely guarded secret only a generation ago.

PRISM, on the contrary, has been kept in the dark. Setting aside the question of whether wholesale, indiscriminate data collection is legal—which, evidently, its proponents believed it was—the presumed reason is that for a surveillance system to be effective against bad actors, the bad actors have to be unaware that they are being watched. Unfortunately, the bad actors to be most worried about are the ones who suspect that they are being watched. The tradecraft goes way back. With the privacy of houses came eavesdropping; with the advent of written communication came secret opening of mail; with the advent of the electric telegraph came secret wiretaps; with the advent of photography came spy cameras; with the advent of orbital rocketry came spy satellites. To effectively spy on the entire Internet you need your own secret Internet—and Edward Snowden has now given us a glimpse into how this was done.

The ultimate goal of signals intelligence and analysis is to learn not only what is being said, and what is being done, but what is being thought. With the proliferation of search engines that directly track the links between individual human minds and the words, images, and ideas that both characterize and increasingly constitute their thoughts, this goal appears within reach at last. "But, how can the machine know what I think?" you ask. It does not need to know what you think—no more than one person ever really knows what another person thinks. A reasonable guess at what you are thinking is good enough.

Data mining, on the scale now practiced by Google and the NSA, is the realization of what Alan Turing was getting at, in 1939, when he wondered "how far it is possible to eliminate intuition, and leave only ingenuity," in postulating what he termed an "Oracle Machine." He had already convinced himself of the possibility of what we now call artificial intelligence (in his more precise terms, mechanical intelligence) and was curious as to whether intuition could be similarly reduced to a mechanical procedure—although it might (indeed should) involve non-deterministic steps. He assumed, for sake of argument, that "we do not mind how much ingenuity is required, and therefore assume it to be available in unlimited supply."

And, as if to discount disclaimers by the NSA that they are only capturing metadata, Turing, whose World War II work on the Enigma would make him one of the patron saints of the NSA, was already explicit that it is the metadata that count. If Google has taught us anything, it is that if you simply capture enough links, over time, you can establish meaning, follow ideas, and reconstruct someone's thoughts. It is only a short step from suggesting what a target may be thinking now, to suggesting what that target may be thinking next.

Does this not promise a safer world, protected not only from bad actors attempting to do dangerous things, but from bad actors developing dangerous thoughts? Yes, but at what cost? There's a problem, and it's the problem that Alan Turing was trying to answer when he first set us down this path. Turing delivered us into the digital age, as a 24-year-old graduate student, not by building a computer, but by writing a purely mathematical paper, "On Computable Numbers, with an Application to the Entscheidungsproblem," published in 1936. The Decision Problem, articulated by Göttingen's David Hilbert, concerned the abstract mathematical question of whether there could ever be any systematic mechanical procedure to determine, in a finite number of steps, whether any given string of symbols represented a provable statement or not.

The answer was no. In modern computational terms (which just happened to be how, in an unexpected stroke of genius, Turing framed his argument) no matter how much digital horsepower you have at your disposal, there is no systematic way to determine, in advance, what every given string of code is going to do except to let the codes run, and find out. For any system complicated enough to include even simple arithmetic, no firewall that admits anything new can ever keep everything dangerous out.

What we have now is the crude equivalent of snatching snippets of film from the sky, in 1960, compared to the panopticon that was to come. The United States has established a coordinated system that links suspect individuals (only foreigners, of course, but that definition becomes fuzzy at times) to dangerous ideas, and, if the links and suspicions are strong enough, our drone fleet, deployed ever more widely, is authorized to execute a strike. This is only a primitive first step toward something else. Why kill possibly dangerous individuals (and the inevitable innocent bystanders) when it will soon become technically irresistible to exterminate the dangerous ideas themselves?

There is one problem—and it is the Decision Problem once again. It will never be entirely possible to systematically distinguish truly dangerous ideas from good ones that appear suspicious, without trying them out. Any formal system that is granted (or assumes) the absolute power to protect itself against dangerous ideas will of necessity also be defensive against original and creative thoughts. And, for both human beings individually and for human society collectively, that will be our loss. This is the fatal flaw in the ideal of a security state.

When the creation of the U.S. Department of Homeland Security was announced, Marvin Minsky, one of Turing's leading disciples, responded that "what we need is a Department of Homeland Arithmetic." He was right. This sounds depressing. What do we have to do, turn all the computers off? No, we just need to turn off the secrecy, and conduct our data collection and data mining in the open, where it belongs. Ordinary citizens can tell the difference between regular police and secret police, and should be trusted to make the choice.

Consider the use of security cameras, for example in the UK. They are ubiquitous, visible, and used openly by the police under rules that have been defined in open court. Similarly, reasonable people might well support the maintenance of a global Internet memory buffer for law enforcement purposes, with access to the repository controlled under open rules by an open court.

There will always be illicit spying, but it should be kept within reasonable bounds. It is disturbing if laws had to be broken to conduct the PRISM surveillance program, but, if laws didn't have to be broken, that's worse. Edward Snowden has brought this matter before the public, and the path that led from Corona to Google Earth, through Silicon Valley, demonstrates that a secret program can be brought into the open, to the benefit of all, without necessarily being brought to a halt.

This is much bigger than the relative merits of national security vs. the fourth amendment to the U.S. Constitution, or any of the other debates by which the Snowden revelations have been framed. We are facing a fundamental decision (as Turing anticipated) between whether human intelligence or machine intelligence is given the upper hand. The NSA has defended wholesale data capture and analysis with the argument that the data (and metadata) are not being viewed by people, but by machines, and are therefore, legally, not being read. This alone should be cause for alarm.

And what of the current obsession with cyberterrorism and cyberwar? We should deliberately (and unilaterally if need be) abandon the weaponization of codes and the development of autonomous weapons—two different approaches to the same result. They both lead us into battles that can never be won. A good example to follow is the use of chemical and biological weapons—yes, they remain freely available, but we have achieved an almost universal consensus not to return to the horrors of poison gas in World War I. Do we have to repeat the mistake? We are currently taking precisely the wrong approach: fast-tracking the development of secret (and expensive) offensive weapons instead of an open system of inexpensive civilian-based defense.

Fourteen years ago, I spent an afternoon in La Jolla, California with Herbert York, the American physicist of Mohawk ancestry who became Eisenhower's trusted advisor and one of the wisest and most effective administrators of the Cold War. York was appointed founding scientific director of ARPA and was instrumental both in the development of the hydrogen bomb and its deployment, in a few short years, by a working fleet of Intercontinental Ballistic Missiles, or ICBMs. He was sober enough to be trusted with the thermonuclear arsenal, yet relaxed enough about it that he had to be roused out of bed in the early morning of July 6, 1961, because he had driven someone else's car home by mistake.

York understood the workings of what Eisenhower termed the military-industrial complex better than anyone I ever met. "The Eisenhower farewell address is quite famous," he explained to me over lunch. "Everyone remembers half of it, the half that says beware of the military-industrial complex. But they only remember a quarter of it. What he actually said was that we need a military-industrial complex, but precisely because we need it, beware of it. Now I,ve given you half of it. The other half: we need a scientific-technological elite. But precisely because we need a scientific-technological elite, beware of it. That's the whole thing, all four parts: military-industrial complex; scientific-technological elite; we need it, but beware; we need it but beware. It's a matrix of four."
We are much, much deeper in a far more complicated matrix now. And now, more than ever, we should heed Eisenhower's parting advice. Yes, we need big data, and big algorithms—but beware.

 

---

Reality Club Discussion

Nicholas G. Carr

 

Author, The Shallows and The Big Switch

 

RESPONSE TO GEORGE DYSON

In the summer of 2006, America Online released a log of all the web searches made by more than a half million of its members over the course of a three-month period earlier in the year. AOL acted with the best of intentions. It hoped researchers would be able to use the logs to improve the workings of search engines. To protect the privacy of its members, it stripped all personal information from the data set. Each member was identified only by a number. But, much to AOL’s surprise and embarrassment, the "anonymization" didn’t work. It took a couple of New York Times reporters just a few hours to figure out one AOL member’s identity—her name and address—just by examining her list of search keywords. "My goodness," the woman exclaimed when the reporters tracked her down and showed her the search log, "it’s my whole personal life."

In the age of the web, as George Dyson expertly explains, we are our metadata. We all disclose ourselves—our names, our addresses, our acquaintances, our thoughts and intentions—through what we search for, whom we friend and follow, the people we call and text. Dyson warns that once a powerful and secretive government bureaucracy is able to automate the deciphering of thoughts, it is on a path that leads, logically though not inevitably, to the ability to automate the control of thoughts. A drone strike is a particularly lethal means of reminding someone that their intentions have strayed out of bounds. One can imagine an array of more subtle tactics to nudge people away from dangerous or merely suspicious ideas.

Dyson, in his essay, "NSA: The Decision Problem", has done us a favor by connecting the dots, both backward to the origins of modern predictive algorithms and forward to the potentially stifling effect of using such algorithms to spy on personal action and speech. I wonder whether there’s another set of dots to be connected to the commercial use of data-mining and prediction tools. The data collection and processing infrastructure that the NSA and other spy agencies use for espionage is the infrastructure built by internet companies to monitor people’s behavior and thoughts for business purposes. The new, digitized "military-industrial complex" still depends on the capabilities of its "industrial" partners, whether they take part willingly or reluctantly. The Snowden disclosures should encourage us to take a hard look at the secrecy of commercial data collection in “the cloud.”
Dyson argues, drawing on historical precedent, that "a secret program can be brought into the open, to the benefit of all, without necessarily being brought to a halt." That goes for the data-mining programs of companies like Google, Facebook, Microsoft, and Apple as well as those of agencies like the NSA. What personal data is being collected? How is it being used? With whom is it being shared? The development of a stifling surveillance culture begins at the moment that the data on our thoughts and behavior is initially recorded.

George Dyson

Science Historian; Author, Turing's Cathedral: The Origins of the Digital Universe; Darwin Among the Machines

THREE ADDITIONAL POINTS

I might add three points that were not included in the piece I wrote for FAZ in Germany and also published by Edge, roughly:

1) The Corona program was of such immense historical and strategic importance because the intelligence it produced showed that the USSR did not have nearly as many missiles and launchers as we feared they did. Corona served as a much-needed damper on the Cold War arms race (pushed vigorously by that military-industrial complex that Eisenhower warned about) which might have been even worse without reliable intelligence.

2) PRISM etc. could well produce the same result--if we capture all the e-mails in the world, and break all the encryption, we may discover that the world is not nearly as full of terrorists actually threatening the homeland as certain factions are warning us to be afraid of. It may really turn out to just be mostly cat videos (and normal criminal activity). The question is, will the security-industrial complex inform us of that?

3) The current security hysteria has all the indicators of an autoimmune disease--when the organism starts reacting against itself.

What's Related

People

George Dyson

Science Historian; Author, Turing's Cathedral: The...

Contributors

George Dyson

Science Historian; Author, Turing's... [ Read ]

Nicholas G. Carr

Author, The Shallows and The Big Switch [ Read ]

Books

Turing's Cathedral: The Origins of the... By George Dyson Hardcover [2012]	Project Orion: The True Story of the Atomic... By George Dyson Hardcover [2002]

Breaking the Rules Thousands of Times a Day at The NSA

Published on Sunday, August 18, 2013 by The New Yorker

Breaking the Rules Thousands of Times a Day at The NSA

by Amy Davidson

 

 

What does the National Security Agency consider a small or a big number? The Washington Post’s Barton Gellman has a report based on documents the paper got from Edward Snowden about an N.S.A. audit that found two thousand seven hundred and seventy-six “incidents” in 2012 in which it broke its own rules about spying on Americans, either accidentally or on purpose. That is seven times a day, which sounds less like a slip than a ritual. But to call those violations frequent, according to the agency, would be to misunderstand the scale of its operations: “You can look at it as a percentage of our total activity that occurs each day,” a senior N.S.A. official told the paper. “You look at a number in absolute terms that looks big, and when you look at it in relative terms, it looks a little different.” We spy so much that the math gets hard; even thousands of privacy and legal violations can’t really be held against us.





But how many thousands? As it turns out, there are numbers packed into the numbers. An “incident” can have affected multiple people—even multitudes. In a single one of the two thousand seven hundred and seventy-six cases, someone at the N.S.A. made a mistake in entering a number into a search request. As a result, instead of pulling information on phone calls from Egypt (country code 20) the agency got data on “a large number” of calls from Washington, D.C. (area code 202). How many, and what did they learn? There are more Egyptians than there are Washingtonians, but the N.S.A.’s mandate forbids it from spying on Americans, and singling out an area as politicized as Washington seems particularly unfortunate. Mistyping the country code for Iran could have left analysts looking at calls in North Carolina and Louisiana. Another incident involved “the unlawful retention of 3,032 files that the surveillance court had ordered the NSA to destroy…. Each file contained an undisclosed number of telephone call records.” The Post said that it was not able to tell how many Americans were affected in all. Those two examples suggest that the number could be very, very big—even by the N.S.A.’s standards.

There are other ways the number multiplies. One incident involved someone the N.S.A. continued to target well after it confirmed that he had a green card, and was therefore off limits. There were four “selectors” associated with this person—these might be things like e-mail addresses or phone number—which led to requests for “881 cuts in NUCLEON,” a program that collects the contents of phone calls; thirty-two reports; and “serialized dissemination” of information to other parts of the government. There are many ways to get on a list; what seems hard is getting off of one.
The information spreads, and it contracts or is flattened: in a training document the Post published (in redacted form), analysts were told not to give their “overseers” any “extraneous information.” The rationale for a surveillance request should be “no longer than one short sentence”—and in particular that “your rationale MUST NOT contain any additional information including: probable cause-like information.” One fictional example in the training document involves a target named “Mohammad Badguy” whose name was found on the buddy list of his brother-in-law, who had some connection to Al Qaeda in Somalia. In the request, the part about being brothers-in-law is omitted: there is just selector, buddy list, Al Qaeda.


Suspicion becomes an indexing label. Everyone is a Badguy.

The audit shows that the N.S.A. considered most of the incidents to be errors—“operator error” or “computer error.” There were a lot of typos; that’s darkly funny, if you’re in the right mood. But “error” is a bit of a dodge. It includes categories like “did not follow standard operating procedures”—by mistake?—“training issues” and “workload issues.” Also, too-broad search terms, like “any communications that mentioned both the Swedish manufacturer Ericsson and ‘radio’ or ‘radar.’” What that seems to mean is that a great deal of private American communications are swept into databases because the N.S.A. has people who work for it who don’t follow the rules, don’t know the rules, or are assigned tasks in a way that just leads to rules being broken. That is a structural scandal, not a mistake.

The White House and the N.S.A. have tried to give a different, false impression, talking about occasional mistakes quickly dealt with. The Post notes that the unclassified version of the Administration’s regular report on the agency mentioned “a small number of compliance incidents.” And the audit doesn’t cover all of the N.S.A.’s facilities. Three government officials told the Post that there would be many more violations to count if it did. After the Post story was published, Senators Ron Wyden and Mark Udall issued a statement, saying, “Americans should know that this confirmation is just the tip of a larger iceberg.”

The agency does train its people not to talk too much about broken rules. (The 20-202 error was not reported to the FISA court or Congress, whose members likely had phones with that area code.) The documents make it clear that the agency was not telling the court or Congress even less than the little we thought it did. On Friday, Nancy Pelosi, the House Minority leader, called the new report “extremely disturbing”; in another piece, the Post’s Carol Leonnig spoke to the chief judge of the FISA court, Reggie Walton, who said that there wasn’t much he and the other judges could do other than rely on what the N.S.A. told them: the court “does not have the capacity to investigate issues of noncompliance.” According to the audit, the majority of these violations were caught thanks to automated alerts, and not because someone at the N.S.A. raised his or her hand. (The one who did, ultimately and emphatically, was Edward Snowden.) Is that because the alerts were so strict, or the humans so lax? Which number is wrong?

© 2013 The New Yorker

Amy Davidson is a senior editor at The New Yorker.

Snowden and the Stupidity of the Security State: A Doomed System

 

August 12, 2013

A Doomed System

Snowden and the Stupidity of the Security State

by KEVIN CARSON

 

 

Back in 2006 Ori Brafman and Rod Beckstrom, in The Starfish and the Spider, contrasted the way networks and hierarchies respond to outside attacks. Networks, when attacked, become even more decentralized and resilient. A good example is Napster and its successors, each of which has more closely approached an ideal peer-to-peer model, and further freed itself from reliance on infrastructure that can be shut down by central authority, than its predecessors. Hierarchies, on the other hand, respond to attack by becoming even more ossified, brittle and closed. Hierarchies respond to leaks by becoming internally opaque and closed even to themselves, so that their information is compartmentalized and they are less able to make effective use of the knowledge dispersed among their members.

We can see this in the way the national security state has responded to leaks, first by US Army PFC Bradley Manning and now by former NSA contractor Edward Snowden. Hugh Gusterton, in Bulletin of the Atomic Scientists (“Not All Secrets are Alike,” July 23), notes that the government is taking measures to avoid future such leaks by “segmenting access to information so that individual analysts cannot avail themselves of so much, and by giving fewer security clearances, especially to employees of contractors.”

This approach is doomed. “Segmentation of access runs counter to the whole point of the latest intelligence strategy, which is fusion of data from disparate sources. The more Balkanized the data, the less effective the intelligence. And … intelligence agencies are collecting so much information that they have to hire vast numbers of new employees, many of whom cannot be adequately vetted.”

Meanwhile, the internal witch hunt atmosphere in the U.S. security apparatus is alienating the very contract-work hackers whose skills it is increasingly dependent on. The Electronic Frontier Foundation (EFF) sticker on Snowden’s laptop wasn’t a deviation the NSA’s leadership failed to catch. It’s typical of the cultural pool from which the NSA, of necessity, recruits its contractors. Such people read the news, and they aren’t impressed with the government’s draconian treatment of people like Aaron Swartz, Bradley Manning and Edward Snowden. Recruiters are running up against increased skepticism among those with the skills it needs; the chilly reception NSA chief Keith Alexander met with at DefCon is symbolic of this new atmosphere.

Further, as an anonymous former EFF intern notes, even idealistic young people who believe in the NSA’s mission find themselves paralyzed by the increasingly adversarial atmosphere, afraid even to type code into a terminal for fear of learning after the fact that they violated one of the CFAA’s vague, Kafkaesque provisions.

All this is happening even as surveillance agencies are deluged with ever-increasing, unmanageable amounts of raw data. The ratio of hay to needles is growing exponentially. The larger the volume of raw data to be analyzed algorithmically, the larger the number of false positives the system generates. The sheer volume of false positives, and the ratio of false positives to genuine leads, is enough to paralyze government. Back in 2009, Homeland Security couldn’t react in time to stop the Underwear Bomber when his own father directly notified them he was planning to blow up a plane.

The very people the security state is most interested in monitoring — ranging from genuine terrorists to domestic dissidents like Snowden and the occupy movement — respond to every increase in surveillance by making themselves more opaque to the government. The Snowden scandal resulted in a spike in adoption of measures like PGP encryption and TOR browsing. Even as the NSA is hoovering up more and more hay, more and more needles quietly remove themselves from the haystack.

The U.S. security state and its agencies, in the long run, are doomed for the same reason that all authoritarian hierarchies are doomed: They’re stupid. And the people they’re trying to control are smart.

Kevin Carson is a senior fellow of the Center for a Stateless Society (c4ss.org) and holds the Center’s Karl Hess Chair in Social Theory.

Has the US become the type of nation from which you have to seek asylum?

The Washington Post

WONKBLOG

Has the US become the type of nation from which you have to seek asylum?

 

By Timothy B. Lee, Published: June 9 at 3:23 pmE-mail the writer

928

Comments

More

The whistleblower who disclosed classified documents regarding NSA surveillance to The Washington Post and the Guardian has gone public. He is Edward Snowden, 29, an employee of defense contractor Booz Allen Hamilton.

Edward Snowden (The Guardian)

Rather than face charges in the United States, Snowden has fled to Hong Kong. He plans to seek asylum in a nation with a strong civil liberties record, such as Iceland.

Americans are familiar with stories of dissidents fleeing repressive regimes such as those in China or Iran and seeking asylum in the United States. Snowden is in the opposite position. He’s an American leaving the land of his birth because he fears persecution.

Four decades ago, Daniel Ellsberg surrendered to federal authorities to face charges of violating the Espionage Act. During his trial, he was allowed to go free on bail, giving him a chance to explain his actions to the media. His case was eventually thrown out after it was revealed that the government had wiretapped him illegally.

Bradley Manning, a soldier who released classified documents to WikiLeaks in 2010, has had a very different experience. Manning was held for three years without trial, including 11 months when he was held in de facto solitary confinement. During some of this period, he was forced to sleep naked at night, allegedly as a way to prevent him from committing suicide. The United Nations’ special rapporteur on torture has condemned this as “cruel, inhuman and degrading treatment in violation of Article 16 of the convention against torture.”

Ellsberg has argued that this degrading treatment alone should be grounds for dismissing the charges against Manning. Instead, the government has sought the harshest possible sentence. Even after Manning pleaded guilty to charges that could put him in prison for 20 years, the government has still pushed forward with additional charges, including “aiding the enemy” and violating the Espionage Act, that were intended to be used against foreign spies, not whistleblowers.

The civilian whistleblowers targeted by the Obama administration haven’t received treatment as harsh as Manning’s. But it’s telling that in none of their cases have the courts reached the legal and constitutional merits. The government’s strategy, in leak cases and many others, is to seek the maximum possible charges and then “plea bargain” down to a sentence the government considers more reasonable.

For example, John Kiriakou, who blew the whistle on torture by the CIA, was charged with five counts, each of which carries a maximum sentence of five to 10 years. With those harsh penalties hanging over his head, Kiriakou waived his right to a trial and accepted a sentence of 30 months in prison. Shamai Leibowitz, another leaker, accepted a 20-month sentence under similar circumstances. Another whistleblower had his case thrown out, and two others still have their cases pending.

If Snowden had chosen to stay in the United States, he would have faced a stark choice: accept a multi-year prison sentence for actions he believed to be in the public interest or go to trial and risk decades in prison if the courts were not persuaded by his legal and constitutional arguments. The American activist Aaron Swartz was facing exactly that choice when he committed suicide in January.

Because of the government’s misconduct in the Ellsberg case, the courts never reached the legal and constitutional merits of prosecuting a whistleblower under the Espionage Act. But as he was going to trial, he would have had reason to be optimistic that the courts would see things his way. The Supreme Court had declared warrantless wiretapping unconstitutional in 1967 and refused to block publication of the Pentagon Papers in 1971.

The current Supreme Court is less sympathetic to civil liberties. For example, earlier this year, the justices threw out a constitutional challenge to the FISA Amendments Act because the plaintiffs could not prove that they had personally been targets of surveillance. Because of the documents Snowden released, we now know that the FISA Amendments Act is the basis for the NSA’s PRISM program.

If Snowden had surrendered himself to U.S. authorities, he almost certainly would have faced charges that carry penalties of decades in prison. He might have rationally feared being subject to years of pretrial detention and the kind of degrading treatment Manning faced. And if he had chosen to fight the charges, he would have risked spending decades in prison if he lost.

There’s no question that the United States has stronger protections for free speech and the rule of law than repressive regimes like China or Iran. But it’s also clear that our courts defend constitutional rights less zealously today than they did in Ellsberg’s day. Snowden wasn’t crazy to question whether he’d be treated fairly by the American justice system.

NSA broke privacy rules thousands of times per year, audit finds

 The Washington Post

National Security

NSA broke privacy rules thousands of times per year, audit finds

By Barton Gellman, Published: August 15 E-mail the writer

       

 

 

The National Security Agency has broken privacy rules or overstepped its legal authority thousands of times each year since Congress granted the agency broad new powers in 2008, according to an internal audit and other top-secret documents.

Most of the infractions involve unauthorized surveillance of Americans or foreign intelligence targets in the United States, both of which are restricted by statute and executive order. They range from significant violations of law to typographical errors that resulted in unintended interception of U.S. e-mails and telephone calls.

Read the documents

NSA report on privacy violations

Read the full report with key sections highlighted and annotated by the reporter.

FISA court finds illegal surveillance

The only known details of a 2011 ruling that found the NSA was using illegal methods to collect and handle the communications of American citizens.

What's a 'violation'?

View a slide used in a training course for NSA intelligence collectors and analysts.

What to say (and what not to say)

How NSA analysts explain their targeting decisions without giving "extraneous information" to overseers.

More on this story:

FISA court judge: Ability to police U.S. spying program limited

Carol D. Leonnig AUG 15

Spy court chief judge says it must rely on government to say when it improperly spies on Americans.

NSA statements to The Post

Barton Gellman AUG 15

The National Security Agency offered these comments on The Post’s story on privacy violations.

New demands for reform of NSA spy programs

Ellen Nakashima AUG 16

Some lawmakers called Friday for greater transparency in the surveillance operations of the National Security Agency, while U.S. officials stressed that any mistakes committed by the agency were not intentional. The contrasting reactions came after The Washington Post reported that the NSA violated rules or overstepped its legal authority thousands of times in recent years. 

The documents, provided earlier this summer to The Washington Post by former NSA contractor Edward Snowden, include a level of detail and analysis that is not routinely shared with Congress or the special court that oversees surveillance. In one of the documents, agency personnel are instructed to remove details and substitute more generic language in reports to the Justice Department and the Office of the Director of National Intelligence.

In one instance, the NSA decided that it need not report the unintended surveillance of Americans. A notable example in 2008 was the interception of a “large number” of calls placed from Washington when a programming error confused the U.S. area code 202 for 20, the international dialing code for Egypt, according to a “quality assurance” review that was not distributed to the NSA’s oversight staff.

In another case, the Foreign Intelligence Surveillance Court, which has authority over some NSA operations, did not learn about a new collection method until it had been in operation for many months. The court ruled it unconstitutional.

[FISA judge: Ability to police U.S. spying program is limited]
The Obama administration has provided almost no public information about the NSA’s compliance record. In June, after promising to explain the NSA’s record in “as transparent a way as we possibly can,” Deputy Attorney General James Cole described extensive safeguards and oversight that keep the agency in check. “Every now and then, there may be a mistake,” Cole said in congressional testimony.

The NSA audit obtained by The Post, dated May 2012, counted 2,776 incidents in the preceding 12 months of unauthorized collection, storage, access to or distribution of legally protected communications. Most were unintended. Many involved failures of due diligence or violations of standard operating procedure. The most serious incidents included a violation of a court order and unauthorized use of data about more than 3,000 Americans and green-card holders.

In a statement in response to questions for this article, the NSA said it attempts to identify problems “at the earliest possible moment, implement mitigation measures wherever possible, and drive the numbers down.” The government was made aware of The Post’s intention to publish the documents that accompany this article online.

“We’re a human-run agency operating in a complex environment with a number of different regulatory regimes, so at times we find ourselves on the wrong side of the line,” a senior NSA official said in an interview, speaking with White House permission on the condition of anonymity.

“You can look at it as a percentage of our total activity that occurs each day,” he said. “You look at a number in absolute terms that looks big, and when you look at it in relative terms, it looks a little different.”

There is no reliable way to calculate from the number of recorded compliance issues how many Americans have had their communications improperly collected, stored or distributed by the NSA.

The causes and severity of NSA infractions vary widely. One in 10 incidents is attributed to a typographical error in which an analyst enters an incorrect query and retrieves data about U.S phone calls or e-mails.

But the more serious lapses include unauthorized access to intercepted communications, the distribution of protected content and the use of automated systems without built-in safeguards to prevent unlawful surveillance.

The May 2012 audit, intended for the agency’s top leaders, counts only incidents at the NSA’s Fort Meade headquarters and other ­facilities in the Washington area. Three government officials, speak­ing on the condition of anonymity to discuss classified matters, said the number would be substantially higher if it included other NSA operating units and regional collection centers.

Senate Intelligence Committee Chairman Dianne Feinstein (D-Calif.), who did not receive a copy of the 2012 audit until The Post asked her staff about it, said in a statement late Thursday that the committee “can and should do more to independently verify that NSA’s operations are appropriate, and its reports of compliance incidents are accurate.”

Despite the quadrupling of the NSA’s oversight staff after a series of significant violations in 2009, the rate of infractions increased throughout 2011 and early 2012. An NSA spokesman declined to disclose whether the trend has continued since last year.

One major problem is largely unpreventable, the audit says, because current operations rely on technology that cannot quickly determine whether a foreign mobile phone has entered the United States.

In what appears to be one of the most serious violations, the NSA diverted large volumes of international data passing through fiber-optic cables in the United States into a repository where the material could be stored temporarily for processing and selection.

The operation to obtain what the agency called “multiple communications transactions” collected and commingled U.S. and foreign e-mails, according to an article in SSO News, a top-secret internal newsletter of the NSA’s Special Source Operations unit. NSA lawyers told the court that the agency could not practicably filter out the communications of Americans.

In October 2011, months after the program got underway, the Foreign Intelligence Surveillance Court ruled that the collection effort was unconstitutional. The court said that the methods used were “deficient on statutory and constitutional grounds,” according to a top-secret summary of the opinion, and it ordered the NSA to comply with standard privacy protections or stop the program.

James R. Clapper Jr., the director of national intelligence, has acknowledged that the court found the NSA in breach of the Fourth Amendment, which prohibits unreasonable searches and seizures, but the Obama administration has fought a Freedom of Information lawsuit that seeks the opinion.

Generally, the NSA reveals nothing in public about its errors and infractions. The unclassified versions of the administration’s semiannual reports to Congress feature blacked-out pages under the headline “Statistical Data Relating to Compliance Incidents.”

Members of Congress may read the unredacted documents, but only in a special secure room, and they are not allowed to take notes. Fewer than 10 percent of lawmakers employ a staff member who has the security clearance to read the reports and provide advice about their meaning and significance.

The limited portions of the reports that can be read by the public acknowledge “a small number of compliance incidents.”

Under NSA auditing guidelines, the incident count does not usually disclose the number of Americans affected.

“What you really want to know, I would think, is how many innocent U.S. person communications are, one, collected at all, and two, subject to scrutiny,” said Julian Sanchez, a research scholar and close student of the NSA at the Cato Institute.

The documents provided by Snowden offer only glimpses of those questions. Some reports make clear that an unauthorized search produced no records. But a single “incident” in February 2012 involved the unlawful retention of 3,032 files that the surveillance court had ordered the NSA to destroy, according to the May 2012 audit. Each file contained an undisclosed number of telephone call records.

One of the documents sheds new light on a statement by NSA Director Keith B. Alexander last year that “we don’t hold data on U.S. citizens.”

Some Obama administration officials, speaking on the condition of anonymity, have defended Alexander with assertions that the agency’s internal definition of “data” does not cover “metadata” such as the trillions of American call records that the NSA is now known to have collected and stored since 2006. Those records include the telephone numbers of the parties and the times and durations of conversations, among other details, but not their content or the names of callers.

The NSA’s authoritative def­inition of data includes those call records. “Signals Intelligence Management Directive 421,” which is quoted in secret oversight and auditing guidelines, states that “raw SIGINT data . . . includes, but is not limited to, unevaluated and/or unminimized transcripts, gists, facsimiles, telex, voice, and some forms of computer-generated data, such as call event records and other Digital Network Intelligence (DNI) metadata as well as DNI message text.”

In the case of the collection effort that confused calls placed from Washington with those placed from Egypt, it is unclear what the NSA meant by a “large number” of intercepted calls. A spokesman declined to discuss the matter.

The NSA has different reporting requirements for each branch of government and each of its legal authorities. The “202” collection was deemed irrelevant to any of them. “The issue pertained to Metadata ONLY so there were no defects to report,” according to the author of the secret memo from March 2013.

The large number of database query incidents, which involve previously collected communications, confirms long-standing suspicions that the NSA’s vast data banks — with code names such as MARINA, PINWALE and XKEYSCORE — house a considerable volume of information about Americans. Ordinarily the identities of people in the United States are masked, but intelligence “customers” may request unmasking, either one case at a time or in standing orders.

In dozens of cases, NSA personnel made careless use of the agency’s extraordinary powers, according to individual auditing reports. One team of analysts in Hawaii, for example, asked a system called DISHFIRE to find any communications that mentioned both the Swedish manufacturer Ericsson and “radio” or “radar” — a query that could just as easily have collected on people in the United States as on their Pakistani military target.

The NSA uses the term “incidental” when it sweeps up the records of an American while targeting a foreigner or a U.S. person who is believed to be involved in terrorism. Official guidelines for NSA personnel say that kind of incident, pervasive under current practices, “does not constitute a . . . violation” and “does not have to be reported” to the NSA inspector general for inclusion in quarterly reports to Congress. Once added to its databases, absent other restrictions, the communications of Americans may be searched freely.

In one required tutorial, NSA collectors and analysts are taught to fill out oversight forms without giving “extraneous information” to “our FAA overseers.” FAA is a reference to the FISA Amendments Act of 2008, which granted broad new authorities to the NSA in exchange for regular audits from the Justice Department and the Office of the Director of National Intelligence and periodic reports to Congress and the surveillance court.

Using real-world examples, the “Target Analyst Rationale Instructions” explain how NSA employees should strip out details and substitute generic descriptions of the evidence and analysis behind their targeting choices.

“I realize you can read those words a certain way,” said the high-ranking NSA official who spoke with White House authority, but the instructions were not intended to withhold information from auditors. “Think of a book of individual recipes,” he said. Each target “has a short, concise description,” but that is “not a substitute for the full recipe that follows, which our overseers also have access to.”


Julie Tate and Carol D. Leonnig contributed to this report.