
Before Snowden, a debate inside NSA - cgtyoder
http://bigstory.ap.org/article/acc54fc0c64c4c3eae29b8ac380cc065/ap-exclusive-snowden-debate-inside-nsa
======
lylebarrere
This only shows that Snowden was correct that internal channels were not
effective at providing real oversight.

~~~
acqq
Speaking of internal channels, even the external channels don't necessarily
care more than Keith Alexander:

http://www.theguardian.com/us-news/2014/nov/18/usa-freedom-act-republicans-block-bill

"Senate Republicans block USA Freedom Act surveillance reform bill"

"Senators, mostly Republicans warning of leaving the country exposed to
terrorist threat, voted to beat back the USA Freedom Act"

~~~
dantheman
The actual bill was quite bad and should not have been passed.

For a decent write up:
http://www.theguardian.com/media-network/2014/nov/19/how-usa-freedom-act-failed-on-all-fronts

~~~
bediger4000
I agree with you, but the "quality" of the Senate debate about the actual bill
was so utterly low that I think we can reasonably infer that the Senate as a
deliberative body _doesn't care_ about Intelligence oversight. Only Wyden,
Udall and a few others care at all.

~~~
s_q_b
If Udall cares so much, he can read whatever classified documents he wants
from the Senate floor with absolute legislative immunity.

~~~
sflicht
Yep, and here's hoping that when he's out he'll explain why he didn't in
public.

------
contingencies
We know from previous whistleblowers the most likely response to raising
concerns is being sidelined or punished.

------
laurencei
"The now-retired NSA official...says he argued to then-NSA Director Keith
Alexander"

"The former official, who spoke only on condition of anonymity because he
didn't have permission to discuss a classified matter"

and then

"An individual did bring us these questions, and he had some great points,"
Alexander told the AP.

So they know who it is. Isn't he going to get in trouble regardless?

~~~
bediger4000
CAREFULLY NOTE THE AUTHOR OF THIS PIECE: Ken Dilanian.

Ken Dilanian is at the very least, "friendly" with the CIA:
http://www.politico.com/blogs/media/2014/09/ken-dilanian-sent-cia-drafts-of-stories-194906.html
At least in the past, he's run drafts of stories past CIA PR people.

It's at least reasonable to consider the idea that this is a PR Hit for the
NSA itself, therefore nobody will get in trouble. I concede that the "I argued
with Keith and got ignored" angle is problematic if this is a PR Hit, but
still, you've got to give the idea some credit.

~~~
sflicht
Very good point.

------
ghshephard
Only two hops allowed, court order required each time, only 30 intelligence
employees permitted access to the database, and only 300 searches a year -
that sounds almost reasonable. It seems to me that the only thing left to make
this totally clean is to take the database _out_ of the hands of Government,
put it in the hands of a private clearing house, and then require a
(necessarily confidential) court order to search the database. Just like _any_
other court order. That would take the NSA out of the "Collecting American
Phone Records" business.

 _Under a process known as "contact chaining," analysts examine the numbers
that had been in contact with the "dirty number" and then the numbers in
contact with those. Until this year the circle had sometimes been expanded to
a "third hop" — a process that could include analysis of millions of American
phone calls. Obama in January restricted it to two hops, and required a court
order each time the database is searched.

Only 30 intelligence employees are permitted to access the database, officials
have said, and it is done about 300 times a year._

~~~
cryoshon
You are forgetting one critical fact: the NSA's language is entirely different
from the language that you and I agree upon and understand.

If they are saying "only 30 intelligence employees are permitted access to the
database, and only 300 searches a year", they could really mean "only 30
employees (and a multitude of contractors and military personnel) are
permitted access to the database (of which they can make a copy of all
remotely relevant information and then distribute to whoever), and only 300
searches a year (under our atomically narrow Byzantine definition of
"searches" which completely misrepresents the real number of database
queries)".

Additionally, people are really placing way too much faith in the
warrant/court approval system. These courts are in the pockets of the people
requesting authorization for searches; after all, the people with real
information (power) can twist the arm of any judge to suit their needs.

We need to clean house from the bottom up and rebuild a system which does not
permit for human corruption or human error.

------
larakerns
NSA employees are so siloed from each other that it limits dissent and
self-auditing.

~~~
smtddr
I feel like being siloed would actually increase the probability of dissent
happening. Leaving you all by yourself to question the rules you follow. Of
course I suspect a certain IQ and/or education level is needed for this kind
of self reflection.

~~~
Uhhrrr
Keep in mind that siloing increases the influence of management.

Also, it means that different people are telling themselves, "I'm making a
better search tool!", "I'm making a better scraper!", "I'm making a better
optical tap!", without putting it all together
([https://www.youtube.com/watch?v=HoT-h0S1gkE](https://www.youtube.com/watch?v=HoT-h0S1gkE)).

~~~
ivanca
The creators of the atomic bomb regretted having created it. I wonder how long
before someone in a spying/military agency will regret making a big discovery.
Maybe something like an exploit in electricity itself or a way to remotely
explode any nuclear plant in the world.

~~~
jacquesm
> Maybe something like an exploit in electricity itself

What is that supposed to mean?

~~~
tripzilch
I doubt the GP was thinking of this, but there exist some interesting
side-channel information attacks using the electricity grid.

(disclaimer: I am not very knowledgeable about electricity/electronics, so
forgive me if I'm a bit hand-wavy or wrong about the details)

The actual electricity output from a wall-socket fluctuates continuously by a
tiny bit over time. I suppose this goes for both the exact magnitude of power
output (is that voltage or amperes?) and the exact frequency being
ever-so-slightly above or below the expected 50Hz. These fluctuations can be measured
(or fingerprinted) by carefully measuring the output of electrical appliances,
such as the crackles and pops in audio recordings or brightness of light
bulbs, and in fact many other things.

The other important fact in this trick is that apparently these fluctuations
are all the same over the entire grid (or subsections of it, I guess,
depending on network layout). They are also pretty much random. This means
that if you keep a log of these fluctuations over time, you can timestamp
recordings of pretty much anything with extreme accuracy, by matching up the
patterns of crackles or power fluctuations in the recordings to your logs.

This would then allow one to detect fake call logs, video/audio cuts and
splices, stuff like that.

It's not a gigantic privacy risk (therefore probably not what the GP was
thinking of), at least not from the applications I can think of off the top of my
head. I do love side-channel attacks like these, though. They're always so
clever and out-of-the-box :)
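
Added example, not part of the thread or of any commenter's post: a sketch of the matching step described in the comment above, placing a recording in time against a grid-frequency log and checking it for a splice. It assumes a per-second frequency trace has already been extracted from the recording; the reference log, noise levels and all function names are constructed for illustration.

```python
import random

def make_reference(n, seed=1):
    """Constructed stand-in for a grid-frequency log: one value per second near 50 Hz."""
    rng = random.Random(seed)
    f, log = 50.0, []
    for _ in range(n):
        f += rng.gauss(0, 0.002) - 0.01 * (f - 50.0)  # random walk pulled back to 50 Hz
        log.append(f)
    return log

def noisy(values, seed):
    """Add small constructed measurement noise, as a trace pulled from a recording would have."""
    rng = random.Random(seed)
    return [v + rng.gauss(0, 0.0003) for v in values]

def locate(trace, reference):
    """Return (offset, error) for the position where the trace best fits the reference log."""
    m = len(trace)
    t_mean = sum(trace) / m
    best = (None, float("inf"))
    for off in range(len(reference) - m + 1):
        win = reference[off:off + m]
        w_mean = sum(win) / m
        # Compare shapes only: removing each mean ignores a constant measurement bias.
        err = sum(((a - t_mean) - (b - w_mean)) ** 2 for a, b in zip(trace, win)) / m
        if err < best[1]:
            best = (off, err)
    return best

def window_offsets(trace, reference, window):
    """Implied recording start time per window; a jump between windows suggests a cut."""
    out = []
    for start in range(0, len(trace) - window + 1, window):
        off, _ = locate(trace[start:start + window], reference)
        out.append(off - start)
    return out

# Constructed sample data: one hour of log, an intact clip and a spliced clip.
REFERENCE = make_reference(3600)
INTACT = noisy(REFERENCE[1200:1320], seed=2)  # 120 s recorded at t=1200
SPLICED = noisy(REFERENCE[1200:1260] + REFERENCE[2000:2060], seed=3)  # cut at 60 s

if __name__ == "__main__":
    print(locate(INTACT, REFERENCE)[0])            # recovered start time
    print(window_offsets(INTACT, REFERENCE, 60))   # consistent start per window
    print(window_offsets(SPLICED, REFERENCE, 60))  # start time jumps at the cut
```

An intact clip yields the same implied start time in every window, while the spliced clip's second window points to a different time, which is what gives the cut away.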

------
bobsil1

        Resolved by K. Alexander
    
        Status: Won't fix — by design

~~~
notastartup

        K. Alexander has revoked read and write permissions.

------
tomohawk
How would having the phone companies store the records be better than having
the government store them? If a warrant is required in either case, it seems
like it would be best to go with the most secure storage option.

The various parts of government are usually better able to say no to each
other, while a company may not be able to say no. What's Verizon going to do
when some part of the government demands some records? How much time and money
are they going to spend protecting those records?

Who's going to be held responsible when a phone company gets hacked and someone
makes off with the mother lode of records?

It just seems like having the phone companies store the records will make them
less secure and more vulnerable to more requests from more agencies.

~~~
offmycloud
The phone companies store the records for at least some period of time
already, why make unnecessary copies?

