
File Says N.S.A. Found Way to Replace Email Surveillance Program - hackuser
http://www.nytimes.com/2015/11/20/us/politics/records-show-email-analysis-continued-after-nsa-program-ended.html
======
linkregister
Maybe my reading comprehension isn't so sharp today, but I found this article
difficult to parse. So I looked at the disclosed set of documents.

Basically, the series of documents are NSA OIG and Congressional reports about
the email surveillance program that was shuttered in 2011. It provides a bit
more information than was previously available under the original leaks in
2013.

What the author of this article is trying to express is the idea that the NSA
was able to resume the function of the email metadata program (they call it
PR/TT, or Pen Register / Tap Trace) with some other secret program. The NYT
alleges that a paragraph on page 65 links this defunct program with the
upstream collection and the PRISM (both FAA §702) programs. It's stated in the
paragraph that the NSA concludes that it can do its job with upstream/PRISM
and for phone calls, chaining through the telephony metadata collection
(SPCMA).

TL;DR: The NSA stopped using the email metadata program and then relied on
upstream/PRISM and the telephone metadata program to fulfill the need. The NYT
got some FOIA'd documents to confirm this with an official statement.

~~~
linkregister
So I thought that the article was misleading in that it attempts to link an
email metadata program which applied to all email communication, including
U.S. persons with two different programs (upstream and PRISM) which only
authorize collection of targets that are not U.S. persons and are outside of
the U.S., and have a valid foreign intelligence purpose.

It's certainly possible that the NSA simply disregards the laws and collects
on everybody. However, there isn't any evidence of that here.

Kudos on the NYT for winning their lawsuit and getting the documents through
FOIA, though.

~~~
rl3
> _It 's certainly possible that the NSA simply disregards the laws and
> collects on everybody._

The NSA is almost certainly engaging in full-take domestic content collection
on everyone—including US citizens. If I had to guess, they're probably staying
within the letter of the law while doing so via a combination of legal
maneuvering and secret authorizations.

Consider Tim Clemente's on-air remarks, and the fact NSA has been been playing
semantics games with the definition of "collection" such as to conflate it
with the act of accessing information that's already present in storage.[0]

Also consider that Russ Tice has stated multiple times that full-take domestic
content collection was occurring as recently as 2013.[1]

Moreover, what Snowden leaked was primarily from JWICS, which is arguably a
glorified PowerPoint repository for the intelligence community. There are more
sensitive networks, and it stands to reason that the lurid details of full-
take domestic collection would probably be heavily compartmented, not floating
around in clear unambiguous form on something like JWICS.

The whole metadata discussion is a bullshit facade. NSA is essentially
offering up deprecated programs and their associated policy frameworks for
sacrifice on the political altar. This serves to protect their current
programs via way of misdirection, providing an illusion of reform.

[0] [http://blog.rubbingalcoholic.com/post/52913031241/its-not-
ju...](http://blog.rubbingalcoholic.com/post/52913031241/its-not-just-
metadata-the-nsa-is-getting)

[1] 9:49, 1:13:29 @ [http://www.boilingfrogspost.com/wp-
content/uploads/BF.0112.T...](http://www.boilingfrogspost.com/wp-
content/uploads/BF.0112.Tice_20130617.mp3)

~~~
aburan28
The real secrets and "keys to the kingdom" are "Eyes only" compartmentalized
deep within ECI/VRK compartments. I sincerely doubt the NSA would ever keep a
record of some of the sensitive things they do. The big thing with the Snowden
leaks was the NSA did not know if he got evidence of full content collection
at first and now that it is apparent he didn't, the discussion regarding the
NSA is limited to only "Metadata" collection

------
__jal
History has demonstrated that activities performed in any particular program
the NSA claims has been discontinued is typically replaced in another program.

Then Spokesmuppets in front of congress can claim "we do not X under this
program", or make similarly carefully-parsed statements, and not technically
be lying.

This has happened repeatedly.

~~~
lawnchair_larry
Not wittingly.

~~~
anonbanker
the interesting part about that quote is that he then sent a letter to
congress telling them that it was "the least untruthful" thing he could say at
the time.

And got their agreement to that narrative, which got him out of lying under
oath to congress. There will be stories written about this man someday. the
way we write about Goebbels.

~~~
wooter
Is it not still perjury?

[http://www.hasjamesclapperbeenindictedyet.com](http://www.hasjamesclapperbeenindictedyet.com)

~~~
anonbanker
no. it stops being perjury when the agreement of all parties is that his
testimony was truthful enough.

------
1024core
So, basically: the NSA lets (say) GCHQ collect data on Americans, and taps
into it; conversely, NSA collects data on Brits and lets GCHQ tap into it.
Voila! Both have satisfied their "legal" obligations, and yet have all the
data they need.

~~~
vonmoltke
It doesn't work that way. "Stealing" data on Americans from GCHQ is just as
illegal as collecting it themselves. They aren't allowed to _have_ the
information without legal authorization.

~~~
tlrobinson
Couldn't the NSA just ask the GCHQ to run specific queries (or entire
programs/algorithms) against their data and share any intelligence gained?

------
multinglets
It's just such an elusive pattern. The NSA wants to collect information about
digital comms AND they have the ability to eavesdrop/split network traffic at
the infrastructure level... I just know there's something there -- there's
SOME kind of link between those two concepts -- but I can't _quite_ connect
the dots yet.

Oh well, this will be a good data point, so I'm glad to know this one
particular thing isn't some kind of conspiracy theory (always have be careful
about those conspiracy theories; they're just so tone deaf and reactionary).

------
joeblau
On Panda, the title is cropped to "File Says N.S.A. Found Way to Replace
Email" which made me think that the N.S.A. had a Slack competitor.

~~~
hackuser
I bent (flexed?) the HN rules a little when I submitted this story. The actual
headline in the NY Times is "File Says N.S.A. Found Way to Replace Email
Program" but like you I didn't know what to make of it - I guessed someone
learned the NSA was putting fake Gmail or Outlook on their targets' devices.
So I changed it to "File Says N.S.A. Found Way to Replace Email _Surveillance_
Program".

------
biafra
So collecting the same data on US citizen outside the US makes it Ok? Seems
checks and balances are really working to protect US citizens in their papers
and effects.

------
ck2
ANY government entity, from your local town cops to the IRS can read your
email without a warrant - if it is at least 6 months old.

That law is over a decade old.

~~~
privacy101
Unless you are hosting your own server and don't store your mail on a third
party in the cloud (but that is probably true for all your data that is hosted
by a third party, not just email)

~~~
ck2
Yup. And exactly why the next president after that law was signed setup their
own private email server in their home.

I have no idea why there weren't a million news stories about WHY you should
setup your own private email server in your home and how to do it.

In fact a startup might find the perfect sales pitch to have a plug-and-play
mail server for your home. $100 shipped to your door, plug it into your router
and give it a domain name.

------
gizi
The long-term effect is that it destroys email, just like they are destroying
SSL, DNS, and many other building bricks of the internet, which are gradually
getting replaced by alternatives that are more difficult to subvert. For
example, shutting down Napster only lead to the emergence of bittorrent. I am
not against it. I think that this type of arms race cannot be avoided. So,
let's embrace it.

~~~
vinceguidry
Arms races are rarely good for anyone. This one in particular will only make
it harder for everyone to do their jobs. Law enforcement will find it
impossible to execute perfectly-legal search warrants. Corporations will be
subject to ever-more-onerous demands by their customer bases for security
against imagined adversaries with the resources of nation-states. Regular
civilians will find themselves bewildered by an array of security choices but
no real help in determining what's important and what's not, not to mention
will still be vulnerable to theft of secrets not even in their control.

The nuclear arms race went ok because both main parties were rational,
realistic professionals with no desire to see chaos reign. That's not the case
with all parties seeking nuclear weapons today. Nobody's worried about MAD
anymore, but the chances of someone, somewhere detonating a nuclear weapon on
a populated area is just as high as it ever was. There's no reason to be
embracing anything, however inevitable it may look.

------
dmix
Well, either way, Canada or UK can always do the job for them if plan B
doesn't work out.

------
mvc
Really hoping to find out it's all implemented on top of Kafka.

------
kbatten
The NSA either fights for the american people or it fights against them.
Currently the NSA is fighting against me, an ameician citizen.

------
Radle
They will not stop, unless we stop them.

------
idibidiart
Surprise! (not)

------
chatmasta
The NSA conversation is tiring. The NSA is a powerful agency with billions of
unaccounted dollars. It will do what it wants. Why discuss its motives?

Perhaps we could better spend our time ensuring we trust our fellow Americans
enough that they would not allow a cancerous facism to spread throughout the
"shadow government" of the executive branch. In other words, trust they will
look out for our best interests and will resist any movement to establish a
tyrannical government.

Why can't we just _trust_ the NSA?

~~~
AngrySkillzz
Because we can't trust our fellow Americans that much. You can plainly observe
the current anti-Muslim, anti-refugee rhetoric and make that assessment
yourself. You remembered what public discourse was like right after 9/11\. The
NSA's dragnet surveillance would be of great help in, say, Donald Trump's
recommendation to make a database of all US Muslims.

~~~
chatmasta
Maybe potential applicants to the NSA should be required to have a "trust
score" above a certain threshold, according to a certain algorithm,
democratically programmed by the People.

~~~
zero_intp
and diligently applied by a contractor

