
The NSA Admits It Analyzes More People's Data Than Previously Revealed - j_baker
http://www.theatlanticwire.com/politics/2013/07/nsa-admits-it-analyzes-more-peoples-data-previously-revealed/67287/
======
spikels
This is even worse than it seems. A "hop" can go both ways. So if a terror
suspect calls Comcast's main 800 number (or any other high volume number) they
can track everyone who ever called that number. And obviously they have to
deal with the fact that many people have multiple numbers and treat them as a
single node. Three hops from a few thousand suspected terrorists each with
multiple phone numbers might include a large fraction of the US population.

Not sure how this could possibly be helpful in an investigation if everyone is
a suspect. At some point you have to narrow it down.

Edit: Apparently there are 875,000 names in the "Terrorist Identities Datamart
Environment" (TIDE) [1]

So if each of those suspects can be connected to 20 people (hop 1 - 20 people)
and each those people can be connected to an additional 20 people (hop 2 - 400
people) and connected again to 21 more (hop 3 - 8,000 people) you could reach
the entire world's population.

875,000 x 8,000 = 7 billion

[1] [http://www.reuters.com/article/2013/05/03/us-usa-security-
da...](http://www.reuters.com/article/2013/05/03/us-usa-security-database-
idUSBRE94200720130503)

~~~
jlgreco
I wonder how many "hops" the average American is away from Kevin Bacon. My
guess is that 3 is on the low end of it.

Just a guess: Me<->Senator<->Movie Exec<->Kevin Bacon

With 4 or more hops it surely becomes pretty trivial. "Phonecall hops" are a
much lower bar than "worked with" hops.

~~~
s_q_b
If you have a nearly universal database, you can probably get pretty close to
covering the entire population of the country with 3 hops.

~~~
jlgreco
marshray downthread brings up a great point
([https://news.ycombinator.com/item?id=6059864](https://news.ycombinator.com/item?id=6059864))

Even if you assume a low chance of everyone getting hit in 3 hops from one
Kevin Bacon, there of course isn't just one Kevin Bacon. That "terrorist watch
list" is _pretty damn long_.

------
ChrisAntaki
Rep. Justin Amash has brought forth a bill to defund the NSA.

[http://www.techdirt.com/articles/20130715/17333823810/rep-
ju...](http://www.techdirt.com/articles/20130715/17333823810/rep-justin-amash-
pushing-to-strip-nsas-funding-with-amendment-to-defense-appropriations-
bill.shtml)

~~~
fixxer
Awesome.

I'm wondering if the NSA is willing to self-fund? I'm sure, given their
omnipotence and excellent ears, they could, perhaps, make a few ticks in the
stock market. ;)

Before I get labelled tin-foily, let us recall Iran-Contra and longstanding
allegations regarding the CIA's drug trafficking... there is precedence.

~~~
mindcrime
I don't think there's anything tin-foil about what you're suggesting. The
Iran-Contra affair speaks for itself, IMO.

~~~
samstave
Here is some tin-foil:

So does the CIA drug trafficking. However - the country is done-for. The
presidency is a CIA-bankster puppet position.

The CIA (GW Bush++) took over starting in the 70s (when Cheney and Rumsfeld
were lurking behind Ford and Carter.

Clinton's got rise to power after allowing the CIA to run everything through
Mena Arkansas. (look into it).

The banksters launder everything for the CIA (Wachovia, HSBC, et al)

The coup happened already.

~~~
pstuart
Those cocaine shipments were for inner-city youths that couldn't afford drugs.
It was for the kids!

------
mrt0mat0
_response offered by DNI counsel Robert Litt. Asked by committee chairman Bob
Goodlatte if the government really thought the massive collection of phone
records could be kept from the American people, Litt replied, "Well, um, we
tried."_

I don't get why they are so "shoulder shruggy" about all of this.

~~~
scottshea
I think it is because they live in a world where secrets are to be kept no
matter the cost in the end. This article is just another step in the
progressive revelations that have totally destroyed their credibility yet they
do not care.

~~~
Karunamon
Silly question- do any of these comments count as perjury? If you say you're
not doing $thing, then it's later revealed that you indeed did $thing, then
you come out and say "Yeah, we do $thing"

How.. how do we not penalize and punish people for this? When they make
knowingly false statements in official government capacity?

~~~
TillE
Yes, almost certainly. The problem is that the government which endorses these
programs is the same government that decides who to prosecute.

This is why nobody involved with the Bush torture programs was ever
prosecuted, not then and not now (Obama: "look forward, not backward").

~~~
j_baker
I think those are two separate issues. I think the key difference is public
support. Once all the facts about the NSA have come out, I think the public
will be against what the NSA is doing. Bush's torture program divided the
country more, and I suspect it's largely because 9/11 isn't as fresh on our
minds now.

Truthfully, I think that the torture programs are to Prism as the McCarthy
Committee is to the Vietnam War.

~~~
Karunamon
That last bit is what worries me (9/11 not fresh in people's minds).

A disaster any day now facilit^H^H^H^H^H^H allowed to happen would serve the
political status quo very well.

Am I being overly paranoid? I don't think the people in charge of the NSA
shenanigans care one whit for loss of life if it would consolidate their power
further.

------
nateabele
"We are not collecting [geolocation] data," Inglis said, "under _this_
program." (emphasis added)

~~~
lcampbell
Not to mention "collection" seems to be used to describe the act of an analyst
using the data, not storing it for future use[1]. I interpreted this quote as,
"We are not currently using geolocation data, just storing it for future use".

\--

[1] Based off Clapper's explanation, "To me, collection of a U.S. person's
data would mean taking the books off the shelf, opening it up and reading
it"[2]

[2] [http://abcnews.go.com/Politics/intel-dir-james-clapper-
lie-c...](http://abcnews.go.com/Politics/intel-dir-james-clapper-lie-congress-
complicated/story?id=19390786) (couldn't find a better source).

~~~
ihsw
How can we refute the NSA's policies when they change definitions of words? If
we attack "collection" then they redefine it as analysts' having queried for
the data, but what about when we attack "storage"? Would they redefine how
data is "in storage" to include only when it's stored in a web browser cache
(for example)?

What do _they_ call it when data is re-routed to their data centers for
indexing and storage?

~~~
joeyh
Normal operation of the Internet backbone.

------
darkarmani
> The author of the Patriot Act, Jim Sensenbrenner of Wisconsin, reminded the
> government that the act was up for renewal in 2015. The provisions for phone
> metadata collection, he warned, have "got to be changed … otherwise in a
> year or year and a half you're not going to have it any more."

Wait? That's the threat? Shouldn't they have to prove that they have sensible
"provisions" before they get to keep doing it? Or how about, we are going to
take immediate action and you come back to us when you have sensible
provisions.

~~~
mtgx
How about we repeal (or at least let expire) both the Patriot Act and FISA
Amendments Act, and then we start over from scratch, and have a real 2+ year
national debate on what NSA's job should be and what level of oversight they
need to have.

Also, don't even _think_ about putting back the "general warrant" provision in
the laws. That is and will always be unconstitutional. You have a target? Ask
a judge to give you a normal warrant, for _that target_ , or for several
targets at most - not a whole country.

~~~
rayiner
You're not going to get anywhere with the argument that the NSA needs to get a
regular warrant for all investigations. The specific warrant requirement has
_never_ applied to their purely foreign intelligence activities.

------
300bps
_Analysts look "two or three hops" from terror suspects when evaluating terror
activity_

I bet they investigate Kevin Bacon a LOT.

------
marshray
It's like playing the Kevin Bacon game except with an 864,999 additional Kevin
Bacons in the mix.

[http://www.dailymail.co.uk/news/article-2318728/Number-
names...](http://www.dailymail.co.uk/news/article-2318728/Number-names-U-S-
suspect-terrorist-list-TIDE-jumps-400-000-5-years.html)

------
nobodysfool
I think it's more people than people think...

10% of people living in america are not citizens. 90% of people are. If their
definition of 'foreign' is 'non-citizen' and they only have to be 51% certain
that someone is foreign, that is a 49% error rate, which means (at a maximum)
90% of the people they have in their databases and are tracking are american
citizens.

If they had to be 91% certain, that's a 9% error rate, and they would have a
database that 52% are american citizens...

------
waivej
From "The Tipping Point" on page 47:

"Tjaden actually sat down and figured out what the average Bacon number is for
the quarter million or so actors and actresses who have played in television
films or major motion pictures and came up with 2.8312 steps. Anyone who has
ever acted, in other words, can be linked to Bacon in an average of under
three steps."

~~~
igravious
Are you saying that if Bacon gets flagged because he takes part in a peace
protest then all the quarter million or so actors (i think it's just actor
these days, not actress, women's lib and all that) who played in television
films or major motion pictures will have their numbers run by you know who?
Thanks a lot Bacon.

~~~
jlgreco
Hmm... a sort of witch hunt in across the entertainment industry for commun^W
terrorists and terrorist sympathizers.

Why does that seem familiar?

------
famousactress
I wonder (and would not be surprised) if the nodes are always defined by phone
number alone. Meaning, if you made a restaurant reservation at the italian
place by your house, you're two hops from everyone who's ever called or been
called by them.

~~~
mayank
It's probably a directed graph, and the hops are directed paths.

~~~
moyix
That seems unlikely; otherwise you could stay off the radar by just
establishing a protocol of only calling your terrorist friends, rather than
having them call you (or vice versa, if that's the direction a "hop"
indicates).

~~~
mayank
The scenario you describe wouldn't be helped by using an undirected graph,
since common hubs (technical support, sex chat lines, sales cold calls, etc.)
would connect almost everything with very short path lengths. A common
compromise is to throw away all non-reciprocated edges and then use an
undirected graph. Your protocol would still keep you off the radar, which
illustrates some of the difficulties of the approach.

------
Kapura
I don't care about if it's two hops or three; they're collecting a metric
shit-tonne of info. It's like really large amounts of money: if a corporation
makes a million dollars or five million dollars, it's all just numbers on a
page for me. This "revelation" doesn't change the game at all, because I know
that there's still a lot of shit that the NSA isn't telling us about their
activities. Feels like hit bait (and it's worked).

~~~
j_baker
The difference between 2 and 3 hops is immense. The size of the data they
collect grows exponentially between hops.

~~~
Kapura
It's not lost on me that it's a lot more. Trust me; I've done math before. But
really, once a dataset is sufficiently huge, it's just "big." Could it be
bigger? Sure. But it'll still be big. Again, five million dollars is five
times more than a million dollars, but it's still just a bunch of money.

To put it another way, it'd be foolish to assume that there are limits on how
much data they're collecting. Those limits on what can be collected and from
whom probably exist somewhere, but it should not surprise anybody any more
that the NSA is collecting x data from y userset. We're in the future now; you
should operate under the assumption that any and all data is being logged by
somebody, and that the walls that keep that data from others are only so
strong.

~~~
j_baker
The comparison isn't between one million and 5 million. The comparison is
between one million and 5 trillion dollars.

------
e3pi
Guardian's take:

"....."The statute says 'collection'," congressman Jerrold Nadler told Cole.
"You're trying to confuse us by talking use."

"...One senior member of the panel, congressman James Sensenbrenner, the
author of the 2001 Patriot Act, warned the officials that unless they rein in
the scope of their surveillance on Americans' phone records, "There are not
the votes in the House of Representatives" to renew the provision after its
2015 expiration."

"You're going to lose it entirely," Sensenbrenner said.

NSA warned to rein in surveillance as agency reveals even greater scope

NSA officials testify to angry House panel that agency can perform 'three-hop
queries' through Americans' data and records

[http://www.guardian.co.uk/world/2013/jul/17/nsa-
surveillance...](http://www.guardian.co.uk/world/2013/jul/17/nsa-surveillance-
house-hearing)

------
D9u
It's not about "terrorism," it's about control.

------
DigitalSea
3 hops is a lot of data. For example I have about 100 friends on Facebook. One
of my friends I know has around 500 friends on Facebook and if they're friends
have a lot of friends that is a ridiculous and unnecessary amount of data
being harvested about people I have never met, have nothing to do with and
will never meet.

How can Obama keep on allowing this to happen? This is just getting ridiculous
now and if it weren't for Snowden leaking the information, we wouldn't even
know it was happening...

------
sdoering
Using a German Business-Social-network, I do have 120 contacts (first hop and
I am not a power-user there). After the third hop there are about 1.1 million
people.

And that is just one network. Use telephone, other social networks, snail-
mail, et al.

Might be massive...

------
lawnchair_larry
_The longstanding question of whether or not phone metadata collected by NSA
includes geolocation data has been answered. "We are not collecting that
data," Inglis said, "under this program."_

Well that's a relief. ;)

~~~
krapp
NSA confirmed to be running an as-yet unnamed geolocation collection
program...

------
babesh
Synopsis: The NSA analyzes EVERYONE'S data.

------
bane
Since I met Dennis Rodman on his way back from North Korea, does that make
everybody on HN 3 hops from Kim Jong Un?

------
Mordor
"two or three" is the same as "at least three", in other words "everyone".

------
repdetec
Shocking. SHOCKING

------
late2part
"Oooops, our bad." -NSA

------
vijayboyapati
Hoocuddanowed

