Toilet in Tobermory, Ontario, via Dima's Corner. |
Reports today in the New York Times and ProPublica confirm what EFF’s Jewel v. NSA lawsuit has claimed since 2008—that the NSA and AT&T have collaborated to build a domestic surveillance infrastructure, resulting in unconstitutional seizure and search of of millions, if not hundreds of millions, of Americans’ Internet communications.Well, no, they don't confirm that at all. Yes, the tight relationship between NSA and AT&T seems to be demonstrated, but as the Times introduction to the documents makes clear,
They show how the agency’s partnership with AT&T has been particularly important, enabling it to conduct surveillance, under several different legal rules, of international and foreign-to-foreign Internet communications that passed through network hubs on American soil. (my bold)
Thus, p. 7 (from a document of January 2007, and presumably illustrating the first phase of NSA surveillance after the Bush administration was forced to drop its warrantless surveillance that month):
"SSO programs operating under this authority have filters at their collection front-ends to ensure only authorized traffic (i.e. foreign-to-foreign) is forwarded to the DNR and DNI selection engines.... Despite best efforts, occasionally there may be an "authorized" DNR or DNI hit forwarded to the TOPI, which based on TOPI analysis eventually determines that one-end of the intercept is actually in the US. We refer to this as a "domestic incident". This usually occurs in the DNR world, where one-end of the intercept will make a reference to being in the US.... TOPI's must inform SSO Corp Team when this occurs by email [and] SSO files a formal report to NSA/SV for each occurrence of a domestic incident."
And, p 14:
"BLARNEY is the leading source of FISA collection, producing over 11,000 reports and is consistently a top contributor to the President's Daily Brief. The program contributes to over 60% of product reporting to the Counterterrorism product line and over 80% of the overall FAA reporting.
"In order to task BLARNEY, there must be a valid court order for the target.... The Court Order process is extremely long and time-intensive for everyone involved, but the collection payout is fantastic."
It doesn't prove, obviously, that NSA doesn't seize millions of US communications. The documents could be lying, or covering up, or blandly unconscious of some skullduggery that's really going on, or about an exceptionally non-skullduggerous program. But there's not a word here to contradict anything the NSA has said in its defense. The documents in this dump don't provide any evidence that they do seize them, either, and to suggest otherwise is really irresponsible. And propaganda. Your heart may be in the right place, bro, in the struggle against the Deep State and all, but lying and/or willed ignorance always let the side down.
I found a helpful source in getting a grip on the story in the work of Matthew Aid, the independent researcher who busted the CIA and Air Force for clandestinely removing documents from the National Archives in 2006, and who has been working on a history of the NSA since 1986, in a blog post from 2014 summarizing what we know about the NSA's electronic eavesdropping programs on the basis of the PRISM PowerPoint slide deck unveiled by Edward Snowden in June 2013, to which these BLARNEY slides, evidently designed by the same ill-paid church-basement hand, are apparently something like a sequel.
I am not going to try to summarize this material, but I am going to quote Aid on a couple of key points.
First, that neither the PRISM program which gets data from the nine Internet companies (Microsoft/Yahoo/Google/Facebook/PalTalk/YouTube/Skype/AOL/Apple) nor the Upstream program that gets it from telephone networks like Verizon and AT&T (the subject of today's slides) is actually snatched by the NSA from the company servers, as the Washington Post and Guardian claimed. The PRISM stuff, some 90% of the total, is actually collected by the FBI! And the Upstream collection (of which today's BLARNEY is a component, or maybe the whole thing) are filtered by the companies at the pickup point (the same filters mentioned above, from p. 7 of the current dump), to get rid of communications originating in or destined for US persons or US territory.
Second, that although Snowden claimed the lack of oversight control meant analysts would have access to virtually any communications anywhere in the world, the PRISM slides make clear that they have to go through a pretty strenuous multiple-stage process to get permission:
I wasn't, as I said way back at the beginning, especially concerned about the telephony metadata collection in which NSA aimed specifically at the totality of US phone communications, and which was ruled illegal by the Second Circuit court last May and probably shut down at the end of that month, because I didn't see how it could be used for seriously illegitimate purposes (it didn't collect message content, and if you understand anything about social network theory, you'll understand why it wasn't going to make trouble with the pizza guy or the phone sex service, because pizza customers and phone sex clients don't call each other, and there isn't any network).
But I didn't at all like the look of the Internet communications, where the collection could include names or nyms, subject lines, and even conceivably message bodies, material that could be used in dragnet profiling by a program such as XKeyscore. The newest revelations about the BLARNEY program really reassure me, because they show it as being so poorly equipped for abuse:
All this does not mean that the NSA does not collect some US emails without a warrant, even though it is strictly against the rules for them to do so. In the first place they undoubtedly make mistakes, and they might not report them as quickly as they're supposed to do, though the telephone metadata examples show that they do it pretty rigorously on a quarterly basis—I found a helpful source in getting a grip on the story in the work of Matthew Aid, the independent researcher who busted the CIA and Air Force for clandestinely removing documents from the National Archives in 2006, and who has been working on a history of the NSA since 1986, in a blog post from 2014 summarizing what we know about the NSA's electronic eavesdropping programs on the basis of the PRISM PowerPoint slide deck unveiled by Edward Snowden in June 2013, to which these BLARNEY slides, evidently designed by the same ill-paid church-basement hand, are apparently something like a sequel.
I am not going to try to summarize this material, but I am going to quote Aid on a couple of key points.
First, that neither the PRISM program which gets data from the nine Internet companies (Microsoft/Yahoo/Google/Facebook/PalTalk/YouTube/Skype/AOL/Apple) nor the Upstream program that gets it from telephone networks like Verizon and AT&T (the subject of today's slides) is actually snatched by the NSA from the company servers, as the Washington Post and Guardian claimed. The PRISM stuff, some 90% of the total, is actually collected by the FBI! And the Upstream collection (of which today's BLARNEY is a component, or maybe the whole thing) are filtered by the companies at the pickup point (the same filters mentioned above, from p. 7 of the current dump), to get rid of communications originating in or destined for US persons or US territory.
Second, that although Snowden claimed the lack of oversight control meant analysts would have access to virtually any communications anywhere in the world, the PRISM slides make clear that they have to go through a pretty strenuous multiple-stage process to get permission:
1. For Surveillance a first review is done by an FAA Adjudicator in the analysts Product Line (S2) and for Stored Comms there’s a review by the Special FISA Oversight and Processing unit (SV4).Finally, that, as the PRISM slides demonstrate, data requests are strictly required to relate to a fixed list of subject areas:
2. A second and final review is done in both cases by the Targeting and Mission Management (S343) unit. Only after passing both stages, the request is released through the UTT and the PRINTAURA distribution managing system.
3. For Stored Comms the Electronic Communications Surveillance Unit (ECSU) of the FBI even does a third check against its own database to filter out known Americans.
Then it’s the Data Intercept Technology Unit (DITU) of the FBI that goes to the various internet companies to pick up the requested data and then sends them back to NSA.
These lists show that collection under the PRISM program is not restricted to counter-terrorism, but is also not about monitoring ordinary people all over the world, as many people still think. PRISM is used for gathering information about a range of targets derived from the topics in the NSA’s Strategic Mission List (pdf). The 2007 edition of this list was also among the Snowden-documents and subsequently published, but got hardly any attention.Including the kind of targets I really want NSA to be working on, as I was saying back in September 2013, and as corroborated by Aid's NSA link:
(S//S1) N . MISSION : Narcotics and Transnational Criminal Syndicates and Networks: Mitigating the impact on U.S. national interests from drug trafficking organizations (DTOs) and transnational criminal syndicates and networks (TCSNs). Focus Areas: (a) DTOs and associated enabling activities in Afghanistan, Mexico and Colombia that threaten U.S. interests. (b) TCSNs based in (or originating in) Russia that threaten U.S. or allied interests. (c) Money laundering that benefits TCSNs within, into, and out of Colombia and Mexico. (d) Criminal facilitators acting as a nexus between crime/narcotics and terrorism. (e) State-sponsored money laundering by Iran and North Korea. Accepted Risks: (a) Drug production/trafficking within the Golden Triangle, China, and North Korea (b). TCSNs operating in Central Asia, former Eastern Europe, and Asia, (c) Criminal associated money laundering in Afghanistan, and Iraq. State-sponsored money laundering by Syria.So I have to say:
I wasn't, as I said way back at the beginning, especially concerned about the telephony metadata collection in which NSA aimed specifically at the totality of US phone communications, and which was ruled illegal by the Second Circuit court last May and probably shut down at the end of that month, because I didn't see how it could be used for seriously illegitimate purposes (it didn't collect message content, and if you understand anything about social network theory, you'll understand why it wasn't going to make trouble with the pizza guy or the phone sex service, because pizza customers and phone sex clients don't call each other, and there isn't any network).
But I didn't at all like the look of the Internet communications, where the collection could include names or nyms, subject lines, and even conceivably message bodies, material that could be used in dragnet profiling by a program such as XKeyscore. The newest revelations about the BLARNEY program really reassure me, because they show it as being so poorly equipped for abuse:
- It concerns only messages transmitted through US territory but only from and to foreign points,
- or targeting an individual address on the basis of a properly executed FISA warrant
- or, following the infamous section 702 of the FISA Amendment Act of 2008, see p. 19, "surveillance in the US when the target is reasonably believed to be foreign"
- and SMTP email only in this program, it seems
- and only metadata until March 2013, when they announced they'd acquired the ability to collect content as well (p. 64).
- And in fact they have to allow AT&T and Verizon to filter the data for them because if they didn't "collected data volumes would flood PINWALE allocations within hours" (April 2012, p. 74).
"FISA incidents" for the first quarter of 2012, all 195 of them, broken down by cause. Via Washington Post, August 15 2013. |
But honestly, I don't see how this works as a vehicle for massive cheating. You have to have demonstrated that "reasonable belief" before you do the search, to three layers of NSA bureaucrats. Really? It seems much more likely that this section is meant to serve as bureaucratic cover for really stupid errors, when the agent ought to have known the target was not legally targetable—and perhaps for the extremely unlikely but not impossible case where a mistake like that yields some useful information.
And in any case it is clear that Rumold is just wrong; all the evidence in these documents points the other way, toward the existence of a really detailed set of rules that are difficult to break without getting caught. There's no proof that they really do everything right, but there's no indication that they habitually do things wrong, let alone in "hundreds of millions" of cases. None at all.
Besides, really, when the administration intends to violate all the rules, rather than erecting a gigantic superstructure of (secret) new rules like FAA 702, the procedure that makes sense is what the Bush administration did in 2001, to find (secretly) that they don't have to obey them—in that case that they could ignore FISA and the prohibition on domestic spying altogether. The way CIA Operations has always worked when it could get away with it, not the NSA style.
The worst is, and I think I've said this before, the likelihood that there is wicked and illegal surveillance going on of very specific individuals, not bulk collections, in some way in which NSA is not at all involved; if the rogue bits of the CIA are collaborating, for instance, with GCHQ in London, which has far fewer restrictions and is known to break the ones it has, in spying on US citizens or in the US, while the poor old hidebound NSA gets all the suspicion and rage (along with poor old John Brennan and Obama). The Snowden documents, and still more their misinterpretation by people who don't trouble to read them properly, may be deflecting our paranoia from the places where it would be justified.
No comments:
Post a Comment