
Evidence that the NSA Is Storing Voice Content, Not Just Metadata - Libertatea
http://www.schneier.com/blog/archives/2013/06/evidence_that_t.html
======
brudgers
The focus on content over meta-data is a red-herring. What you say during the
phone call is just that...something you say. The meta-data shows what you do.

A person browses the web at a doctor's office. Forty-five minutes later, that
person calls their spouse, then an oncologist. A few days later, their spouse
checks email from the oncologists office. An hour later a call is made to a
diagnostic center by the first person. The next day, they call their mother
and a surgeon. [see interview with Susan Landau:
[http://www.democracynow.org/2013/6/12/more_intrusive_than_ea...](http://www.democracynow.org/2013/6/12/more_intrusive_than_eavesdropping_nsa_collection#)
]

The conclusions which can be drawn from that meta-data are far more solid than
can be drawn from listening in to any or all of the phone calls.

Your phone calls don't show what time you get up in the morning, or when you
get to work or walk the dog to the park. The meta-data does.

The focus on the content of calls is 50 years out of date. The meta-data show
the best time to burgle your house or fake your identity online. They show
where you go and who you associate with. There's no need to know what you
said.

~~~
pak
I disagree. You give a situation which is suggestive of the person learning
they have cancer, and is a perfect example of how mass tracking can expose
personal but information about our lives that we would rather keep private
(particularly medical information, which I believe is the most vital kind of
privacy threatened by these mass tracking schemes). But I wouldn't say that
conclusion that you suggested is solid. It is equally plausible that the
diagnostic center told the patient that results were negative, and the call to
the mother was to reassure her and to the surgeon to cancel a preemptive
appointment made by the doctor.

> The conclusions which can be drawn from that meta-data are far more solid
> than can be drawn from listening in to any or all of the phone calls.

This is just false. If you were a lawyer trying to draw a portrait of
intentions with the metadata in court, obviously it would help your case if
you could play the tapes and show what was said in each of the calls, so the
other side can't propose equally valid situations like I did and create
reasonable doubt.

I think we can be so fascinated by the power of having data, that much like
the other powerful forensic tools used in the courtroom, we are eager to
connect all the dots like we see TV shows like CSI doing. It can be difficult
to remind people that more data (particularly meta-data and not content)
produces more plausible hypotheses as often as it narrows them down.

~~~
Pr0metheus
But the problem is that there is no court, and they (NSA or whomever) are left
to make their own conclusions and act on them before we have a chance to
defend ourselves. In the example, you can draw (at least) two conclusions, the
problem is: the NSA gets to pick the one that suits their needs and defend it
with misinterpreted "meta data"

~~~
mikepurvis
... in secret court.

------
sshconnection
I wouldn't be shocked to learn that their interpretation of "not listening in"
does not include reading speech-to-text transcripts of conversations.

~~~
flogic
I suspect it means "We don't have a guy listening to your line in real time."

~~~
mtgx
Or even better: "We said we aren't listening to _your_ phone calls. We didn't
say we aren't listening to a _lot_ of phones, just (probably) not _yours_.

Their word manipulations are sickening. I just wish all of this went to a
trial already and to the Supreme Court. Let's see them lie through their teeth
to the judges then, who will actually understand everything they're saying or
avoiding saying (unlike most of the press, or people out there).

~~~
gojomo
But even if they lost at the Supreme Court, wouldn't they just appeal to the
Secret Supreme Court?

------
eliasmacpherson
Anyone else getting this..?

Technical Details

    
    
            www.schneier.com uses an invalid security certificate.
    

The certificate expired on 18/06/13 11:55. The current time is 18/06/13 14:02.

(Error code: sec_error_expired_certificate)

~~~
captn3m0
Yup, its expired.

~~~
pge
another reminder of false security of certificates, because no one pays
attention to them. Here's a security blog, so I will speculate that many of
its readers are security conscious users, yet most probably went to the site
anyway despite the security warning of an expired certificate.

~~~
jessaustin
What's the threat model for this? Is the MITM going to subtly change
Schneier's essay? Perhaps they're going to find out the lame password I use
for stupid comment forms, which password (literally: it's a word) I've been
using continuously for that purpose since 1994?

~~~
dpeck
Or inject an exploit into the stream and compromise the system being used to
view it.

~~~
taeric
I would not think that is much of a threat here in this scenario. The threat
is really that Schneier is no longer who he said he is, since it has not been
validated recently. That is, his certificate, purchased and verified through
an authority, has reached the age where that authority no longer guarantees
that he is the one holding it. As such, someone else could have taken over his
person and began acting maliciously.

Right?

Edit: So, my question "Right?" was a legitimate question. If I am wrong, I'd
like to know how. Note that this is an expired, non revoked certificate
scenario we are talking about. Meaning the identity was established before,
and to nobody's knowledge has it been stolen. Simply now that identity has not
been established for a long time.

~~~
dpeck
If you put any faith into the CA systems verification process then you'd be
correct.

~~~
taeric
But if you don't have faith in the CA system, then what is the additional
concern over an expired cert?

------
jules
Why would the NSA not be able to store all phone calls as audio? If we assume
30 minutes per person per day to store at compressed 20kbps at $0.12 per
gigabyte per year (this is what you pay at Amazon), that costs $60 million to
store for the data of a year's worth of phone calls of the entire population
of the US. The budget of the NSA is more than $10 billion, so that's less than
0.6% of its budget. That is entirely doable. Note that I have grossly
overestimated the cost here by assuming that price per gigabyteyear is what
you pay Amazon, and 30 minutes per person per day is probably an overestimate,
and the compression could be better too. The actual cost is probably closer to
$10 million; less than one thousandth of the NSA's budget.

~~~
noblethrasher
Also, Amazon Glacier is only $0.01 per GB.

------
anon51234
In 1998 a colleague of mine received a DARPA request to develop a tape-based
recording device that -- it was obvious from some quick calculations -- would
be capable of archiving all voice communications going in and out of the
country. We could think of no other application for that kind of technology,
and assumed that the real client was the NSA.

At the time, storing such a quantity of data was completely infeasible within
the physical space & budgetary constraints of the proposed program was
completely infeasible. We told them so, and the project went away. However,
given that:

1.) They were trying to do this 15 years ago, and

2.) Both their budget and the technological state of the art has improved
substantially since then, and

3.) The government these days seems happy to treat citizens' rights with the
same general contempt as non-citizens' rights, given some creative re-
definitions of terms and rubber-stamp lawyering...

...I would not be at all surprised to learn that a program like this was in
fact well-established by this point.

------
ohwp
The more I read about the subject the more I believe all this data is primary
used for commercial reasons.

What else is to gain from monitoring loads of targets without obvious security
reasons?

~~~
motters
The biggest component of espionage is always industrial espionage.

~~~
malandrew
Exactly. Personally, I'd be playing the currency markets if I had access to
all this data. I'm curious how many people who are monitored are politicians
and financiers (bankers/investors). The potential to abuse other economic
markets relative to your own is enormous.

------
genwin
Major media reported that the Boston bomber's wife's phone calls she made
prior to the bombing were listened to, after the bombing.

------
ck2
NSA is testifying right now in front of congress BTW

Oh wait no, it's the Deputy Attorney General

He says the 4th amendment doesn't apply to phone records.

Footer says "NSA director to reveal terror plots stopped by surveillance"

~~~
fnordfnordfnord
[http://www.c-span.org/flvPop.aspx?id=10737440108](http://www.c-span.org/flvPop.aspx?id=10737440108)

------
mjt0229
> And, by the way, I hate the term "metadata." What's wrong with "traffic
> analysis," which is what we've always called that sort of thing?

This has also been bugging me. Metadata is a very general term, and it doesn't
explain what the NSA claims its doing (whether they're doing anything else is
beside this particular point). Moreover, the use of such a general term seems
like it's part of the propaganda, to make us less scared: "We're not
collecting data, we're collecting meta-data." Well, it turns out that they are
one and the same anyway.

------
diminoten
This isn't evidence the NSA is storing voice content, this is Schneier saying,
"One reason I used to discount the idea that the NSA was storing all phone
conversations was that it'd be too much data but now I don't think it is."

Not new evidence.

------
wfunction
Obama says [1] that if you're a "US person" (whatever that means), "The NSA is
not listening to your phone calls."

Does storing them for later use count as listening?

[1] [http://www.cbsnews.com/8301-250_162-57589732/obama-on-nsa-
pr...](http://www.cbsnews.com/8301-250_162-57589732/obama-on-nsa-programs-
americans-not-getting-the-complete-story/)

~~~
dclowd9901
Not according to Clapper. I'm sure they're all on message with their phrasing.
They are no doubt asserting that when you pick up a phone, someone is probably
not listening to your phone call at that moment, as if we need assurance of
_that_.

------
dpeck
Lossy compression turns any data into metadata.

------
peterwwillis
To query the database, you need to know the phone number's area code is inside
the united states (...? like that's fucking difficult?), then you must get "a
further review" to see if they are "just expressing their first amendment
rights", and then one of 20 analysts and 2 managers must approve it.

Go check out all the things that are _not_ protected by the first amendment.
[http://en.wikipedia.org/wiki/United_States_free_speech_excep...](http://en.wikipedia.org/wiki/United_States_free_speech_exceptions)

If we held people accountable for all the false statements of fact they make,
FOX News would have been off the air years ago and all their newscasters
thrown in jail. Basically, millions of people could be subject to database
queries, considering how many loopholes there are.

One example they cite using the 215 was the NSA provided a phone number to the
FBI, the FBI served notice to the court to find out who the number belonged
to, and they then arrested and convicted the guy for giving money to a foreign
organization that the USA labels a terrorist organization. So don't do
business with anyone who might know a group of freedom fighters.

------
dougk16
Lots of debate here on what is more powerful, the data or the metadata. I
think in the case of voice content, a case can be made that the metadata is
more powerful, simply because it's already parsed into a quantitative,
objective format that's relatively easy to analyze en masse and find
"suspicious" patterns within the public. With voice content, I don't think our
natural language processing chops are up to par to deal with the massive
amount of data and connect the dots in meaningful ways.

Of course, if you're already targeting a specific individual, and you can get
a human to listen to the voice content, the debate is academic - both kinds of
data compliment each other and are equally powerful. Metadata still acts as a
better "gateway drug" for narrowing down individuals though.

------
doki_pen
CNN already broke this story in early May.
[http://www.youtube.com/watch?v=vt9kRLrmrjc&feature=share](http://www.youtube.com/watch?v=vt9kRLrmrjc&feature=share)

~~~
rlpb
It is considerably more credible when an accepted industry expert commentates,
over the mainstream media.

~~~
doki_pen
Did you watch the interview? They have an FBI agent talking about it. Do you
think he's not really an FBI agent?

------
Havoc
Well given that youtube can store such vast amounts of _video_ the suggestion
that the NSA is storing lots of voice doesn't seem like a massive stretch.

------
ianstallings
I think what this points out clearly, and Schneier has been preaching this for
years, is that we need to encrypt _everything_ going forward.

~~~
jes
Speaking for myself, I'd like to encrypt the content of my communications as
much as possible. But I can't control or encrypt the meta-data, such as
numbers I dial, how long I talk, etc.

------
auctiontheory
My experience has been that commercially available speech-to-text technology
doesn't work very well on non-US-accented English. Maybe fixing that tech will
be one benefit of PRISM. You know, just like we thank the Apollo space program
for Velcro and pens that can write upside down.

------
ChrisAntaki
Yep! We've actually known this for years.
[https://www.eff.org/deeplinks/2010/03/wiring-big-brother-
mac...](https://www.eff.org/deeplinks/2010/03/wiring-big-brother-machine)

------
mikemoka
So it turns out we should have actually listened to Shia LaBeouf back then:

[https://www.youtube.com/watch?v=dNRgP4FVDzA](https://www.youtube.com/watch?v=dNRgP4FVDzA)

------
CamperBob2
How about the simple fact that you don't need multiple data centers with
capacities measured in exabytes to store "metadata"?

------
Mordor
Surely a compressed call recording is also 'metadata'?

------
alimoeeny
security certificate expired!

------
humanspecies
Warning: this article does not present any evidence.

Schneier is a great cryptologist, I've read his books, I've carried them
around, I'm a big fan of his work.

BUT.

He's seriously lagging behind in his coverage of this scandal, it's like he's
just reposting what others have already said and often stating the obvious.

So the NSA has the capability to store voice? No, really? Like since 1940????

Sorry, Bruce, but this article is shit.

