
NSA “precomputed contact chaining” enhances phone-record tracking program - bookofjoe
https://www.wired.com/story/inside-the-nsas-secret-tool-for-mapping-your-social-network/
======
walterbell
Some countries are also collecting physical location data from telecom
companies, for the claimed purpose of contact chaining-tracing-matrix-graph-
network analysis:

[https://www.eff.org/deeplinks/2020/05/global-contact-
tracing...](https://www.eff.org/deeplinks/2020/05/global-contact-tracing-
international-proposals-track-covid-19)

 _> Despite the lack of evidence to show the effectiveness of location data to
stop the spread of the virus, a number of countries’ governments have used the
crisis to introduce completely new surveillance powers or extend old ones to
new COVID-related purposes._

Some US states will use smartphones for opt-in contact tracing using iOS 13.5+
and Android 6.0+, [https://9to5mac.com/2020/05/21/covid-19-exposure-
notificatio...](https://9to5mac.com/2020/05/21/covid-19-exposure-notification-
api-states/amp/)

 _> Alabama, South Carolina, and North Dakota are among the first U.S. states
to express interest in Apple and Google’s Exposure Notifications API for
assisting COVID-19 contact tracing._

It is not yet understood if/how state health contact databases will be
combined with other county, state or federal databases, but Palantir manages
multiple databases and is involved in both US and UK Covid-related data fusion
projects, [https://techcrunch.com/2020/05/20/palantir-covid-19-va-
contr...](https://techcrunch.com/2020/05/20/palantir-covid-19-va-contract/) &
[https://tech.newstatesman.com/coronavirus/palantir-
covid19-d...](https://tech.newstatesman.com/coronavirus/palantir-
covid19-datastore-coronavirus)

~~~
bo1024
Apple and google’s system apparently doesn’t store location information.
Actually it’s getting pushback from health people because it doesn’t collect
data.

~~~
walterbell
It can be used to derive phone/human proximity data, which can be cross-
referenced with other metadata.

~~~
conradev
It can’t be because the database does not exist: it is sharded onto each
individual phone

The server only has a list of random identifiers from those who have tested
positive for COVID. An exposure notification is determined when a phone
downloads that list and correlates it with its local list.

~~~
walterbell
_> when a phone downloads that list_

 _After_ exposure, a time-bounded (?) graph of proximity contact data can join
the central list, via the state health app using the local data. This can be
cross-referenced with other metadata.

Once a human contact tracer establishes communication with the owner of a
phone's random identifier, the identifier can be de-anonymized.

Even without the new APIs, each phone's location can be collected and shared
by telcos, at the granularity of cell tower triangulation.

------
sandworm101
Old hat. Phone records are almost an anachronism.

Current theory isn't about missing connections between people. With social
networks big and small, everyone can be connected to everyone else. Thanks to
twitter I'd bet the US president isn't more than a hop or two from every
terrorist suspect on the planet. (Not trying to be political, making a point
about connected people.)

So the existence of "links" no longer matter as there are links between
everyone. What matters is the quality and content of those links. It starts
with bi-directionality. Sure, the president's twitter feed is read by
terrorists but do they also speak back to him? Then does he reply? That back-
and-forth would represent a higher-order of connection. Are they speaking
publicly? How many people are in on these conversations? A private
conversation matters more than a public back-and-forth twitter war.

A machine mining a database for raw connections isn't useful. To judge the
quality of connections you really do need a human mind capable of making a
judgement call. They need to put the connection into context. Or, since it's
all encrypted and they cannot do that anymore, everyone is linked to everyone.
A warrant can be got for anyone anywhere. Send in the killbots when and where
the boss wants.

~~~
Lammy
Everything being discussed in the context of leaks is by definition in the
past. Use them to inform your understanding of the NSA mindset, not your
understanding of current events. "Phone" is just an obsolete pre-2010s term
here for the exact kind of pattern analysis you're describing.

I dislike the premise behind "it's all encrypted and we cannot do that
anymore" since we have no idea what capabilities an agency like NSA has now or
could have in the future. If their capabilities grow perhaps they can replay
all that saved encrypted data from their Utah Data Center and throw it into AI
for analysis. Why do you assume a human has to be involved in the judgement
process for it to be taking place?

~~~
sandworm101
>> Why do you assume a human has to be involved in the judgement process for
it to be taking place?

I don't. A human is not necessary to the process. A human is necessary for the
process _to be done well_. And if the NSA has broken its own encryption, to
the extent that it can read past traffic, call the IMU because there are some
Field's medals that need handing out.

~~~
anonobviosly
>Field's medals

The UK equivalent of the NSA invented both RSA encryption and DH key exchange
years before any of Diffie, Hellman, Rivest, Shamir, or Adleman did their
work. No Fields medal per se, but two Turing awards...

I think the odds that the largest employer of mathematicians in the world is
secretly sitting on ground breaking fundamental math is pretty high.

------
Lammy
"The agency collected “only metadata,” it said, not the content of telephone
calls."

Relevant: "Using Metadata to find Paul Revere" (2013)
[https://news.ycombinator.com/item?id=23276083](https://news.ycombinator.com/item?id=23276083)

~~~
dredmorbius
"We Kill People Based on Metadata", General Michael Hayden, former director of
the NSA and the CIA.

[https://www.nybooks.com/daily/2014/05/10/we-kill-people-
base...](https://www.nybooks.com/daily/2014/05/10/we-kill-people-based-
metadata/)

------
anewdirection
At what point do we assert what we have known for years; that aggregted
metadata is by its nature unethically privacy-invasive, and detrimental to
human rights?

------
billme
>> “Cheney ordered that Stellarwind be concealed from the judges of the FISA
Court and from members of the intelligence committees in Congress.”

(a) Anyone able to expand on the author’s source for this; (b) what if any US
legal guidance at the time enabled this; (c) and if anything between now and
then has changed legally.

~~~
redis_mlc
Essentially the White House can do anything it wants by asking the White House
Counsel to make up a legal opinion supporting whatever the President or VP
want to do.

Then the onus is on people outside that circle to learn, investigate and
prosecute, which could take years, or never.

Sounds bizarre, but it's a real thing:

[https://en.wikipedia.org/wiki/White_House_Counsel](https://en.wikipedia.org/wiki/White_House_Counsel)

~~~
billme
Neither the contents of your comment, nor that of the document on Wikipedia
appear to substantiate the claims you have made. Please cite any relevant
documents, laws, etc - that support your claims as directly as possible; for
example, document link, page number, subheading, paragraph, etc.

As is, your comment to me is worth less than having said nothing at all — as
it requires time to read your comment, link, and the responses critical of it.

~~~
voxic11
The issue is that the white house council can declare anything they want to be
legal, and unless the supreme court has ruled on that issue specifically
everyone involved has immunity from prosecution until the supreme court does
rule on it. See how the council's torture memos played out
[https://en.m.wikipedia.org/wiki/John_Yoo](https://en.m.wikipedia.org/wiki/John_Yoo)

~~~
billme
Supreme Court has ruled on the executive branches limited legal authority,
even during war time:

[https://en.m.wikipedia.org/wiki/Youngstown_Sheet_%26_Tube_Co...](https://en.m.wikipedia.org/wiki/Youngstown_Sheet_%26_Tube_Co._v._Sawyer)

That being, “The President did not have the inherent authority to seize
private property in the absence of either specifically enumerated authority
under Article Two of the Constitution or statutory authority conferred on him
by Congress.”

My rewording, “The President [does] not have the inherent authority to [do
anything] in the absence of either specifically enumerated authority under
Article Two of the Constitution or statutory authority conferred on [them] by
Congress.”

~~~
voxic11
I don't disagree that legally the authority of the president is limited. But
in practice the president can order and see executed the torture of innocent
people for years without any possibilty of justice for those victimized. This
is because legally the president and anyone acting under his command are
immune from prosecution if they acted according to legal guidance from the
white house council and the supreme court hasn't specifically ruled that exact
behavior illegal.

I guess my question for you if there is a difference between something being
legal and something being illegal but those doing it are immune from
prosecution.

~~~
billme
>> “legally the president and anyone acting under his command are immune from
prosecution if they acted according to legal guidance from the white house
council“

Source? As far as I am able to tell, this is false; as in it is not that they
are immune from prosecution, but that prosecution has never occurred.

Clearly, if war crimes were ever brought, regardless of the laws, commands,
etc - it would have not resulted in being immune from prosecution.

~~~
voxic11
> Under recent Supreme Court law, however, we are compelled to conclude that,
> _regardless of the legality_ of Padilla's detention and the wisdom of Yoo's
> judgments, at the time he acted the law was not "sufficiently clear that
> every reasonable official would have understood that what he [wa]s doing
> violate[d]" the plaintiffs' rights. Ashcroft v. al-Kidd, ___ U.S. ___, 131
> S.Ct. 2074, 2083, 179 L.Ed.2d 1149 (2011) (internal quotation marks
> omitted). We therefore hold that Yoo must be granted qualified immunity, and
> accordingly reverse the decision of the district court.

[https://www.leagle.com/decision/infco20120502152.xml](https://www.leagle.com/decision/infco20120502152.xml)

~~~
dragonwriter
That deals with immunity to civil liability, not immunity to criminal
prosecution. There's no necessary relationship between them.

~~~
voxic11
The president has the power to fire any federal prosecutor, there should be no
expectation that any action he approves of will ever result in criminal
prosecution. Civil liability is the only mechanism for holding those in the
executive accountable besides impeachment. Many violations of rights are not
criminally prosecutable anyways.

~~~
dragonwriter
> The president has the power to fire any federal prosecutor, there should be
> no expectation that any action he approves of will ever result in criminal
> prosecution.

The President does _not_ have the power to fire federal prosecutors serving in
subsequent administrations. It's true that you've provided the explanation for
why (even without the DoJ opinion which currently prohibits filing charges
against a sitting President) it is dubious that a President could effectively
be held criminally accountable while in office.

After he leaves office, his only protection is relying on political concerns,
or an anticipatory pardon.

------
PaulHoule
Around that time (2013) I knew a European defense contractor was trying to
build a triple store that could inject a trillion or so triples a day without
purging any; they went to an RDF specialist and a columnar database pro and
they said "are you kidding me?"

I told them that they were not.

See also Mark Lombardi an artist who died under mysterious circumstances after
hanging meticulously designed linkages between folks like G Gordon Liddy, GHW
Bush, Oliver North, A Kasshogi, BCCI inked by French curve in MOMA and many
other art galleries.

~~~
ColanR
> See also Mark Lombardi an artist who died under mysterious circumstances
> after hanging meticulously designed linkages between folks like G Gordon
> Liddy, GHW Bush, Oliver North, A Kasshogi, BCCI inked by French curve in
> MOMA and many other art galleries.

I have no idea what you just said. What do you mean by "meticulously designed
linkages between folks"?

~~~
ColanR
>
> [https://en.wikipedia.org/wiki/Mark_Lombardi](https://en.wikipedia.org/wiki/Mark_Lombardi)

Nevermind. Makes sense now; that was the weirdest sentence that turned out to
make sense that I'd ever read.

------
stuaxo
They should just stop.

