
It's not just metadata – the NSA is getting everything - rubbingalcohol
http://blog.rubbingalcoholic.com/post/52913031241/its-not-just-meta-data-the-nsa-is-getting-everything
======
calhoun137
Last month an FBI agent admitted on CNN that the contents of phone calls are
being collected[1]. It was written up by none other than...Glenn
Greenwald(GG).

One thing that has really bothered me since I become a hardcore HN regular is
that GG articles almost never come to the front page, even when they are
entirely on topic. I recall, on multiple occasions, finding links to places
like Ars or a similar site which are basically just doing a summary of GG's
latest article.

I really hope after the latest NSA revelations that HN will begin to take GG
seriously, get his articles to the front page, and give him the respect he
more than deserves.

[1]
[http://www.guardian.co.uk/commentisfree/2013/may/04/telephon...](http://www.guardian.co.uk/commentisfree/2013/may/04/telephone-
calls-recorded-fbi-boston)

~~~
christoph
Wow. I hadn't read that article. One thing that really stood out was the
"Information Awareness" office and it's ultra creepy logo that looks like
something straight off an underground conspiracy website.

Edit: Found a Guardian article from 2002 -
[http://www.guardian.co.uk/world/2002/feb/18/september11.usa](http://www.guardian.co.uk/world/2002/feb/18/september11.usa)

"The agency which Poindexter will run is called the Information Awareness
Office. You want to know what that is? Think, Big Brother is Watching You. IAO
will supply federal officials with "instant" analysis on what is being written
on email and said on phones all over the US. Domestic espionage."

~~~
rangibaby
[http://www.rotten.com/library/conspiracy/information-
awarene...](http://www.rotten.com/library/conspiracy/information-awareness-
office/)

"In the Defense Department budget submitted in September 2003, the Information
Awareness office had mysteriously disappeared. As if belatedly realizing that
it's better not to tell people when you're preparing an oppressive evil
computer system designed to crush their individual privacy, the office's
functions were shuffled into an unknown number of "black bag" budget items —
intelligence appropriations which do not have to be explained to the public or
justified to legislators.

So be grateful that the Bush Administration was stupid enough to let you have
a glimpse of Big Brother before he slinks off to the shadows. The next time
you see him, he'll be kicking in your door."

------
alexqgb
This hinges on the same re-definition of "collect" that Clapper tried to make,
equating "go into the world and gather" with "go to the secret library of
everything and retrieve."

The essential implication is that we're constructing a mirror of the world (or
at least, as much of it as can be reduced to information). Unnervingly, we're
operating as though law and language which developed in the original world
will map directly to this new realm, even though it's obviously and radically
different.

We really need to start talking about the Mirror World as such. Security and
surveillance is just one (hugely problematic) aspect of what could easily be
the 21st century's defining development. I suspect we're not going to reach a
suitable détente on police and military surveillance until we've developed a
commonly accepted sense of what the Mirror World entails for a constellation
of considerations, from energy, economy and ecology to culture and education.

This really is the tip of a very big iceberg.

~~~
kahirsch
Clapper just made up a new definition of "collect" to excuse his brazen lie. I
don't understand why Clapper still has a job.

But there's nothing in this article that indicates that either Senator
Feinstein or Senator Nelson was using the word in anything but the ordinary
sense.

After the FBI or NSA get a court order, they can look at the content of emails
and listen in on phone calls going forward, and they can also get past
communications that are still stored on the server--or the target's own
computer, if they have access.

Local police also get warrants to look at past emails and they sure don't use
a database of everyone's emails.

~~~
Terretta
> _But there 's nothing in this article that indicates that either Senator
> Feinstein or Senator Nelson was using the word in anything but the ordinary
> sense._

Supporting implication is in the video in the article. Listen all the way
through the video.

------
roboneal
It also enrages me how they dismiss the metadata as a "nothing burger".

Does it occur to anyone how much leverage you can exert with that information
alone in such areas as finance, divorce proceedings, opposition research, leak
investigations, and good old fashioned blackmail?

To add to it, they don't even need a court order or oversight to do the
metadata searches per Feinstein (today).

~~~
Vivtek
What blows my mind is the conservatives worried about the government taking
their guns - but not at all worried about the government knowing they called
the gun store yesterday or paid $300 there last Friday.

~~~
Veelen
There are plenty of conservatives that are worried about both, why does this
have to be such a partisan thing for you? Why are not people from both sides
of the aisle trying to stop the destruction of the constitution rather than
just blaming the other side for whatever?

~~~
Vivtek
I know there are plenty of conservatives worried about both - they're not the
ones blowing my mind. Why does this have to be such a partisan thing for
_you_?

But in answer to your second question, it's not progressive liberals who
passed the Patriot Act in the first place. We don't really have any
representation in Congress at all, any more than libertarians do. Why do you
persist in talking about an aisle when both sides of the aisle are wholly
owned subsidiaries of corporate America?

~~~
roboneal
Were you not the first person to inject "conservative" into the thread?

~~~
Vivtek
What, by mentioning that there is a group of people who blow my mind, I'm
being partisan? What is the matter with you? Did a liberal frighten your
mother?

Did I say "all conservatives" are inconsistent? No. I said there are people
who simultaneously believe Obama is after their guns, but the NSA is just
peachy keen, and I find this astonishing, and you think I'm being unfair to
the poor little snowflakes.

Good day to you, sir.

------
gojomo
Indeed, it increasingly seems 'content' is a consciously-chosen term, which is
intentionally time-tense-ambiguous, to obscure the fact that calls and other
communications have slready been recorded to NSA systems. They're not tslking
about a warrant to truly start 'collection' of future communications (in the
normal senses of English).

Getting a warrant just sets the read-access bit on already ingested 'content':
"Oh, the secret court approved the warrant? OK, let me run `chmod a+r
/calls/by-person-id/us-gz-74916949/*` - now you're in!"

This might also explain the growing pursuit of mandatory-total-traffic-
retention policies in other countries. Their security establishment has a hint
of how nifty this has been for the NSA, but might not be able to pull off —
legslly or financially — the same broad ingest feeds and giant datacenters as
in the US... so they try to offload the obligation to regulated private
entities, and still have the arbitrary lookback when they need it.

------
orthecreedence
I think while some may view this as speculation, it's extremely fair reasoning
given a) the people we're dealing with and b) how carefully they're choosing
very specific words. They got caught with their hand in the cookie jar and are
now dancing around the issues.

It's upsetting that using a word like "collect" can give any sort of plausible
deniability. "Oh, I didn't mean 'collect' _in the traditional sense_ , lol!"

This is all just one big lie on top of another on top of another. I think we'd
all be ridiculously stupid to not acknowledge that.

------
andrewcooke
this isn't 'everything' \- the article 'only' mentions phone calls and emails.
that's the easy stuff NSA can access from ISPs like AT&T, Verizon, etc.

that's important because it doesn't contradict respected people at Google, or
require magic crypto cracking.

i'm repeating myself here, so sorry, but there are two separate issues:

1 - nsa is getting a _lot_ of data from the people routing traffic. likely
_all_ metadata. and perhaps some (significant) subset of unencrypted traffic.

2 - despite the misleading prism slide, they don't seem to be getting
complete, direct access to the web companies' data.

the uproar about the slides put the initial emphasis on the web companies and
has confused discussion since.

but the consistent story that seems to be emerging is that it's the ISPs, who
have much more of a tradition of collaborating with NSA, who are providing a
lot more data than people expected. and that data is being stored without
legal approval, relying on the idea that "no-one looks at it" without a
warrant.

at least, that's the most consistent view i can find.

what worries me most at the moment is how much hardware would be needed to
store and process all that data, and whether that is feasible.

~~~
marshray
[http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/al...](http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/)

 _As a result of this “expanding array of theater airborne and other sensor
networks,” as a 2007 Department of Defense report puts it, the Pentagon is
attempting to expand its worldwide communications network, known as the Global
Information Grid, to handle yottabytes (1024 bytes) of data. (A yottabyte is a
septillion bytes—so large that no one has yet coined a term for the next
higher magnitude.)

It needs that capacity because, according to a recent report by Cisco, global
Internet traffic will quadruple from 2010 to 2015, reaching 966 exabytes per
year. (A million exabytes equal a yottabyte._

~~~
mikegioia
This is insane. Apparently Titan can do 10-20 petaflops per second. I didn't
think before, but they may be decoding AES-128.

~~~
rgbrenner
No. Titan is not fast enough to brute force AES128. All of the computers in
the world put together are not fast enough.

    
    
      If you assume:
      Every person on the planet owns 10 computers.
      There are 7 billion people on the planet.
      Each of these computers can test 1 billion key combinations per second.
      On average, you can crack the key after testing 50% of the possibilities.
      Then the earth's population can crack one encryption key in 77,000,000,000,000,000,000,000,000 years!
    

If you want to decode AES, you either need the key or find a weakness in the
algo.

[http://www.eetimes.com/design/embedded-internet-
design/43724...](http://www.eetimes.com/design/embedded-internet-
design/4372428/How-secure-is-AES-against-brute-force-attacks-)

~~~
mikegioia
Well, if they _are_ storing all internet traffic, then they would have a
pretty large sample of documents/packets encrypted using the same private
keys. I don't think it's unreasonable to think that Titan could be leveraging
this when trying to decode.

Also, I didn't say "brute force", I said "decode".

~~~
marshray
If you can "decode" more efficiently than you can "brute force", then you have
an "attack on AES".

------
b6
I know hunches don't count for anything on HN, and we still don't have enough
information, and may never. But I think this is right, they're storing all
major forms of communication. If so, it's incredibly dangerous.

~~~
zalzane
>If so, it's incredibly dangerous.

I think it's absolutely thrilling. Just imagine, all it takes is one
disgruntled, lucky cypherpunk to crack into the NSA content database and
reveal its content to all.

Unencrypted emails, text messages, phone calls between you and your mum. Let's
be honest, leaking that database is probably what it's going to take to see
any kind of real attention/change on this issue.

~~~
marshray
Maybe that's what those 19998 other unreleased documents are.

~~~
daywalker
I haven't seen 20,000 documents reported anywhere, or perhaps I just missed
it. Do you have a link to an article mentioning this? Thanks.

~~~
marshray
I don't recall where I heard that, I may be mistaken. I'll keep looking around
and update here when/if I find it again.

EDIT: Possibly [http://www.nytimes.com/2013/06/11/us/how-edward-j-snowden-
or...](http://www.nytimes.com/2013/06/11/us/how-edward-j-snowden-orchestrated-
a-blockbuster-story.html?pagewanted=all) "Mr. Snowden has now turned over
archives of “thousands” of documents, according to Mr. Greenwald, and “dozens”
are newsworthy."

------
whiddershins
This is outrageous. And much more upsetting. I don't think it is all that
speculative. Everyone with access to classified information keeps saying there
is much much more they are doing, which we don't know about. Well, what else
would it be? Cameras in my house? What would MUCH MORE be?

~~~
einhverfr
Over here in Asia, where there can be fear of maids kidnapping children, a big
trend is CCTV in the home. This is then sent out over the internet to the CCTV
collection company and visible via the internet if you have a username or
password.

For those who have watched the movie "So Close" (I recommend it-- sexy,
tragic, thrilling, thought provoking), the idea of global surveillance of
cameras in houses and businesses is something well within the possibility over
here, though perhaps not to the same extent in the US.

~~~
mitchty
I'm genuinely curious, how often do maids actually kidnap children where
you're at?

~~~
einhverfr
There are stories. I doubt it is as common as the fear is. Certainly not a
threat that I would give anyone with the influence cameras in my house to
solve.

~~~
mitchty
Figured as much, was wondering if it were close to the russian dash cameras or
more of a boogeyman that isn't likely to be reality.

------
diminoten
Complete and utter speculation. This is wordplay for page views, I'm disgusted
to have given them one.

~~~
leoc
It's certainly speculation with a linkbait title, but the apparent consistency
between Clemente and Feinstein makes it not-completely-woolly speculation.
It's certainly more than possible that that Feinstein's statement should be
interpreted straightforwardly while Clemente was just largeing it up for TV
though.

~~~
diminoten
More than possible? What does that even mean?

Speculation. Complete speculation. Not worth any rational thinker's time.

------
rl3
The article conducts a fairly scrupulous analysis of what politicians and
officials are saying, and likely is correct in its assertions. However, it
doesn't mention (within the same post) that the NSA has been operating DPI
gear at the carrier level for a long time now. Mainstream media has overlooked
this fact more often than not recently.

DPI sitting on carrier pipes is what the Room 641A scandal in 2006 was about.
Its disclosure helped kick off the warrantless wiretap debate we're currently
having. Virtually every NSA whistleblower since has mentioned the operation of
Narus devices.

Consider the following:

A) NSA is confirmed to be operating Deep Packet Inspection (DPI) devices on
internet backbone fiber-optic cables within the United States, with telecom
cooperation.

B) The recent revelation that Verizon has been providing NSA call metadata and
routing information (but not content) on a massive scale. Obviously not just
Verizon, but every major telco.

C) Construction of NSA's Bluffdale, Utah data storage facility is almost
complete. The storage capacity varies depending on who you ask, but most
conservative estimates put it at a scale such that it can hold the entirety of
the world's communications well into the foreseeable future.

It's not rocket science they're already intercepting and storing the content
of traffic. The Verizon metadata and routing information is certainly used in
conjunction with DPI for attribution and deduplication of intercepted traffic.

It's a simple matter of 1 + 1 + 1 = 3.

\---

Except the number of operands is more likely in the double digits. If I may
indulge in speculation and conduct some quotation analysis of my own:

OP's article cites many officials hinting that what we currently know, even in
light of the recent debate, is only the tip of the iceberg. However, in my
opinion the foremost quote in this regard occurred seven years ago:

In 2006, Russel Tice, NSA whistleblower, was quoted as saying:

"In my case, there's no way the programs I want to talk to Congress about
should be public ever, unless maybe in 200 years they want to declassify
them." [1]

OK, 200 years is probably a bit of an embellishment, especially if you listen
to Singularity folks who suggest the human race won't even be the human race
by then.

However, Tice explicitly mentioned this in context of a "different angle" from
the warrantless intercept operations just seeing the light of day at the time.
[2]

If he wasn't even talking about what's currently being debated in the media,
then what was he referring to?

My guess would be something on the analysis side of the equation. Perhaps
collection and subsequent analysis of mobile device geolocation data.

Imagine employing the technique of geofencing on individual citizens at a
national or even global scale. Non-targeted individuals entering within a
certain radius of targeted individuals at sufficiently similar velocity for a
specific duration or frequency could end up drawing suspicion upon themselves.
Combined with other data points, individuals who are societal outliers in
terms of behavior could be detected with ease.

Or, maybe it's that and more. There's all sorts of enterprise-class big data
simulation products out there where you can simulate an environment in
extremely fine-grained fashion using a near-unfathomable amount of data
points.

\--

TL;DR - The notion that NSA isn't getting everything is laughable.
Comprehensive, retroactive surveillance is already a reality.

\---

1\.
[http://blog.foreignpolicy.com/posts/2006/07/10/hoekstra_blow...](http://blog.foreignpolicy.com/posts/2006/07/10/hoekstra_blows_the_whistle)

2\. [http://thinkprogress.org/security/2006/05/12/5319/more-
unlaw...](http://thinkprogress.org/security/2006/05/12/5319/more-unlawful-
activity/)

~~~
rubbingalcohol
I covered a lot of the historical stuff about carrier-level monitoring in a
previous post ( [http://blog.rubbingalcoholic.com/post/52361697693/a-tale-
of-...](http://blog.rubbingalcoholic.com/post/52361697693/a-tale-of-
surveillance) ). I could literally write a book about all of this nonsense,
but I wanted to take a narrow focus with this post, specifically that the
government is lying, changing definitions of words, and backpedaling to cover
up its shameful and unconstitutional surveillance practices.

You're absolutely right. When you connect all the dots, especially with the
Utah Data Center, the big picture is really pretty scary.

~~~
rl3
Sorry, the tone of my original opener was unduly harsh and slightly ignorant;
fortunately the edit window was still open.

Good articles.

------
lurchpop
Doesn't it feel like we're all just playing along when it comes to whether
they're getting email and call contents? We all suspect they're getting
everything, but the acceptable range of debate for now is just metadata.

With so many people in the know saying "tip of the iceberg" it should be
pretty obvious they're AT LEAST getting calls & emails. The horrific details
may be some other shit we didn't even think of like alt uses of OnStar-type
systems, data over powerlines (PDSL), hidden capabilities in mobiles, hijacked
root CAs, etc.

------
CurtMonash
I went through a similar analysis a few days ago:
[http://www.dbms2.com/2013/06/10/where-things-stand-in-us-
gov...](http://www.dbms2.com/2013/06/10/where-things-stand-in-us-government-
surveillance/) See also the comment thread, and the
followup[http://www.dbms2.com/2013/06/13/how-is-the-surveillance-
data...](http://www.dbms2.com/2013/06/13/how-is-the-surveillance-data-used/)

------
bowerbird
everything is being saved. _everything._

it's massively compressed, so they need _pointers_ to review anything
specific.

but if they really _want_ to, they _can_.

they're telling you this in dribs and drabs, because it'd be too big a shock
to tell you all at once. you'll get used to the idea...

after all, "it's for your own good". right?

-bowerbird

~~~
axus
They've got it all, but they promise not to look. Unless there's a chance you
are a terrorist, and it's hard to know without looking.

~~~
alan_cx
How about a cast iron definition of "terrorist" before we get that far?

------
mehwoot
This is not proof at all. It's a theory, based on the phrasing used, but
nowhere near conclusive.

~~~
calhoun137
Watch the video at the end of the article.

~~~
mehwoot
He says "No digital communication is secure" (this is obviously an
embellishment; this is trivial to show unless the U.S. government has broken
every major encryption scheme), "and so these communications will be found
out".

He does not specifically say these _phone calls_ will be found out. He could
very well be referring simply to the ability for FISA requests to receive
information about an individual that has been stored by companies like
facebook, google, etc. The interviewer's question was "And you're not talking
about a voicemail, right?"

It is not clear in any way that he is saying the government has recorded all
phone calls and can go back and listen to them.

Additionally,

 _sources tell CNN the wife of Tamerlan Tsarnaev spoke with her husband on the
phone after his pictures and video appeared around the country as the prime
suspect._

If this was after he was already named as the prime suspect, you are telling
me they didn't have a traditional wiretap on him and his relatives at that
point?

Btw the transcript linked in the article
([http://transcripts.cnn.com/TRANSCRIPTS/1305/01/ebo.01.html](http://transcripts.cnn.com/TRANSCRIPTS/1305/01/ebo.01.html))
and the video don't match up, so it is hard to get context.

~~~
vixen99
It's not clear that the government has recorded all telephone calls?

This interviewee says "All digital communications are ....are..." and
uncharacteristically hesitates. Evidently he doesn't want to complete that
sentence. So he tries again: "There's a way to look at digital communications
in the past and I can't go into details."

No need to - it's called 'recording the entire communication'.

~~~
kps
Nah, they have a machine that can see into the past[1].

[1] Asimov, I. _The Dead Past_ , 1956.

------
brown9-2
If this was the case, how come the leaked FISA order about Verizon's metadata
doesn't refer to it?

The theory relies on two people from two different backgrounds using the same
meaning for "collect".

