
NSA collecting phone records of millions of Americans daily - bcn
http://www.guardian.co.uk/world/2013/jun/06/nsa-phone-records-verizon-court-order
======
bcn
The order in a nutshell:

IT IS HEREBY ORDERED that, the Custodian of Records shall produce to the
National Security Agency (NSA) upon service of this Order, and continue
production on an ongoing daily basis thereafter for the duration of this
Order, unless otherwise ordered by the Court, an electronic copy of the
following tangible things: _all call detail records_ or "telephony metadata"
created by Verizon for communications (i) between the _United States and
abroad_ ; or (ii) wholly within the United States, _including local telephone
calls_.

-[http://www.guardian.co.uk/world/interactive/2013/jun/06/veri...](http://www.guardian.co.uk/world/interactive/2013/jun/06/verizon-telephone-data-court-order)

It was approved (reapproved?) on April 25, and valid until mid July, and
scheduled for declassification in (oops!) 2038. Interesting to note that this
order was directed at Verizon, but presumably other carriers have received
similar ones?

------
rosser
Now that we know that _every_ call is being slurped up by the surveillance-
monster, people can no longer bury their heads in the "but they're only
snooping on the 'bad guys'" sand. Maybe — though doubtfully — _that_ will
finally raise some broader public ire.

EDIT: phrasing.

~~~
carbocation
> _Now that we know that every call is being slurped up by the surveillance-
> monster_

This order authorizes _metadata_ about every call, explicitly not including
names, addresses, financial information, or the actual contents of the call.

From the order:

> _Telephony metadata does not include the substantive content of any
> communication, as defined by 18 U.S. §2510(8), or the name, address, or
> financial information of a subscriber or customer._

~~~
rdtsc
> explicitly not including names, addresses, financial information

Hmm, so what is the point in even collecting if they don't have the names and
addresses?

Are you implying that they see 555-444-1234 called 555-444-1235 for 5 minutes
and they would have no idea who called who? Why are they bothering? We know
government contractor and employment opportunities probably don't attract
the brightest out there, but you'd think someone would let them know their own
data is useless.

It would seem to me they can just do a reverse white pages search and get
everything they need. That additional wording "does not include substantive
content..." is there as a diversion. "Oh look nothing to worry here..."

~~~
carbocation
> _Are you implying_

No. To the best of my knowledge, I am copying verbatim or summarizing the FISA
order.

~~~
rdtsc
> I am copying verbatim or summarizing the FISA order

Why are you doing that? Did you randomly select and copy parts of text or did
you pick that particular set of lines for a reason?

You also emphasized the word 'metadata'.

Now you can have a discussion or as soon as people respond to you, you can
keep pointing out how they obviously guessed wrong your intentions, maybe
finally someone will guess correctly, who knows, until then just reply in
short snippets "i didn't say that", "nope not what i meant", "here is an exact
quote of what i already wrote".

~~~
carbocation
My goal was not to participate in this discussion at this particular time, but
instead to read others' valuable opinions.

My reason for posting was to correct factual errors in the discussion. Factual
errors seriously reduce the level of quality of discussions of topics such as
this one. Things get much more interesting when people hone in on the nuanced
elements of the actual fact pattern.

My replies were to correct people who seemed to think that my curation of
quotes from the FISA order implied something about my views on whether the
order is good or bad.

And now this is an attempt to make the whole series of responses clear.

------
hammock
The NSA collecting call-detail records en masse is not news, and goes back to
at least 2006. <http://en.wikipedia.org/wiki/NSA_call_database>

The news is that the Guardian has got a copy of an actual court order, so we
can see the exact language used with the phone companies.

------
guelo
Glad we have the FISA court to make sure the NSA is only able to have access
to every single phone record. Otherwise they might overreach.

~~~
tantalor
They could get more... they explicitly excluded the content of the
communication.

_Telephony metadata does not include the substantive content of any
communication or the name, address, or financial information of a subscriber._

[http://www.guardian.co.uk/world/interactive/2013/jun/06/veri...](http://www.guardian.co.uk/world/interactive/2013/jun/06/verizon-telephone-data-court-order)

~~~
marshray
I wonder why they explicitly _included_ trunk number? Or perhaps that's just
boilerplate.

------
calhoun137
It's nice to finally see a Glenn Greenwald article on the front page for once.
I have been reading him every day for years and I would highly recommend his
entire body of work to anyone who is not familiar with it.

~~~
zwegner
Agreed, he's been the only political writer I've followed for years. His
articles make me depressed a lot of the time, but it's more because nobody
seems to pay attention to him...

~~~
ianhawes
Now if he would just update his headshot.

------
coenhyde
Someone needs to find a way to make end to end encryption of phone calls a
reality.

I can think of technical solutions but it's another matter to get adoption.
Also it can't only be an app. The phone can not be trusted. I think you'd need
a small device that connects via wifi to your phone and then run some
encryption over the top of that. It could be very small with only speaker and
mic capabilities. Then you'd have an app on your phone to initiate calls and
display incoming calls.

~~~
steve19
End-to-end while useful won't help this problem.

They are keeping track of meta-data, so they are amassing a huge database of
who every American associates with over the phone. This "meta data" is a huge
part of Signals Intelligence and is very useful even if you can't hear the
call itself (which is not to say they are not recording those as well).

The only way around it would be a TOR like system (or a system running on TOR)
to obfuscate who everyone talks to.

~~~
rdtsc
Ha! Funny you mention it, because guess who needs protected and secure phone
communication without leaking metadata? ... Yap it is them, the government.

Behold NSA's own "Mobility Capability" spec

[http://www.nsa.gov/ia/_files/Mobility_Capability_Pkg_Vers_2_...](http://www.nsa.gov/ia/_files/Mobility_Capability_Pkg_Vers_2_1.pdf)

In this spec they define what a mobile device would have to do to be available
and good enough to handle government's classified data. How do you know what
NSA knows? Usually by looking at what it suggests for government's use. They
allegedly know what is already cracked, insecure and exploitable. (For ex.
they suggest a specific pattern of erasing hard drives with sensitive data,
they might say do it in 3 passes, so maybe assume they can recover data in
less than 3 passes, so it gives you a glimpse into what's happening).

So to cut to the chase, how does one hide metadata? Tunneling. You create a
device that has some kind of a trusted boot mechanism, loads a trusted OS, and
connects to an exclusive VPN. Nothing enters or leaves the devices via a
network that is not _the_ VPN network. Of course in their case the only
metadata leaking is that this device is talking to government's central VPN
server. Then there are TLS and SRTP channels created that encrypt the voice
but metadata is presumably encrypted or hidden by the outer VPN.

Now that is for the government. Now you'd need to set up a few trusted VPN
servers around the world make sure your phone connects to them and all the
calls are routed through them as well. That way you could hide the metadata...
and probably eventually land on some black list of sorts... ;-) I kid...only
slightly

[On a side note there is a known vulnerability in how compressed & encrypted
voice data is transmitted that makes it reveal the contents, and that is by
analyzing the statistical distribution of data (even encrypted) from that it
is possible to deduce the message content --
<http://www.cs.jhu.edu/~cwright/oakland08.pdf> so, make sure to play
relatively loud music in the background, well shit by now I am sure I am on
some list somewhere...]

~~~
AnthonyMouse
> On a side note there is a known vulnerability in how compressed & encrypted
> voice data is transmitted that makes it reveal the contents, and that is by
> analyzing the statistical distribution of data (even encrypted) from that it
> is possible to deduce the message content --
> <http://www.cs.jhu.edu/~cwright/oakland08.pdf> so, make sure to play
> relatively loud music in the background

It seems like the better solution would be to just use fixed bitrate
compression.
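
The length leak discussed in this sub-thread and the fixed-size mitigation suggested above, as an added example that is not part of any poster's comment. The frame sizes are constructed, the SHAKE-based keystream is a stand-in for a length-preserving stream cipher, and all names (`send`, `receive`, `observed_lengths`, `FIXED_FRAME`) are hypothetical.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed; one key for cipher and MAC, demo only
TAG_LEN = 10                   # assumed fixed-size per-packet authentication tag
FIXED_FRAME = 62               # assumed constant size: largest frame in the samples

# Constructed per-frame payload sizes (bytes) for two different utterances
# from a hypothetical variable-bitrate codec. Not real codec measurements.
UTTERANCE_A = [38, 38, 20, 10, 10, 46, 62, 62, 28, 10]
UTTERANCE_B = [10, 20, 62, 62, 46, 38, 10, 10, 28, 38]


def make_frames(sizes):
    """Build dummy codec frames with the given sizes."""
    return [bytes([i % 256]) * n for i, n in enumerate(sizes)]


def _keystream(key, seq, n):
    # Stand-in for a length-preserving stream cipher keyed per packet.
    return hashlib.shake_256(key + seq.to_bytes(8, "big")).digest(n)


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _tag(key, seq, ct):
    mac = hmac.new(key, seq.to_bytes(8, "big") + ct, hashlib.sha256)
    return mac.digest()[:TAG_LEN]


def pad(frame, size):
    """Length-prefix the frame and zero-pad it to a constant size."""
    if len(frame) > size or size > 255:
        raise ValueError("frame does not fit the fixed size")
    return bytes([len(frame)]) + frame + b"\x00" * (size - len(frame))


def unpad(blob):
    """Recover the original frame from a length-prefixed padded body."""
    return blob[1:1 + blob[0]]


def send(frames, key, fixed_size=None):
    """Encrypt each frame; pad to fixed_size first when one is given."""
    packets = []
    for seq, frame in enumerate(frames):
        body = pad(frame, fixed_size) if fixed_size is not None else frame
        ct = _xor(body, _keystream(key, seq, len(body)))
        packets.append(ct + _tag(key, seq, ct))
    return packets


def receive(packets, key, padded=False):
    """Verify and decrypt packets, removing padding when it was applied."""
    frames = []
    for seq, pkt in enumerate(packets):
        ct, tag = pkt[:-TAG_LEN], pkt[-TAG_LEN:]
        if not hmac.compare_digest(tag, _tag(key, seq, ct)):
            raise ValueError("authentication failed for packet %d" % seq)
        body = _xor(ct, _keystream(key, seq, len(ct)))
        frames.append(unpad(body) if padded else body)
    return frames


def observed_lengths(packets):
    """What an on-path observer sees without the key: packet sizes only."""
    return [len(p) for p in packets]


if __name__ == "__main__":
    a, b = make_frames(UTTERANCE_A), make_frames(UTTERANCE_B)
    # Variable-size frames: ciphertext lengths mirror the codec's output,
    # so the two utterances produce different, recognisable size patterns.
    print("VBR A:", observed_lengths(send(a, KEY)))
    print("VBR B:", observed_lengths(send(b, KEY)))
    # Fixed-size frames: every packet has the same length for both.
    print("fixed A:", observed_lengths(send(a, KEY, FIXED_FRAME)))
    print("fixed B:", observed_lengths(send(b, KEY, FIXED_FRAME)))
```

Padding to the largest frame costs bandwidth on every quiet frame, which is the trade-off against the leak.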

------
tibbon
Yet, no mention on front page of CNN. However there is "What breast-milk
lollipops taste like" and "Before and after: Child stars"

~~~
u2328
They're in the entertainment-as-news business, not news. I'm surprised this
hasn't become apparent to everybody yet. I haven't bothered to check them
for news in years now. It's like expecting the Food Channel to cover hurricanes.

~~~
tibbon
The reason I check them is I figure they are a good 'average' of the news that
the average American receives. I definitely know it is neither comprehensive,
nor good reporting. But I'm sad for the fact that most Americans will hear
more about honey-boo-boo (or whatever stupid entertainment stuff) on CNN than
they will about NSA collecting their phone records.

------
brown9-2
I hope that anyone in the US who is outraged realizes that the only real
chance for change on this topic is in electing like-minded representatives to
Congress, and getting everyone you know to vote the same way. Your current
senator or representative likely supports this sort of action already, and
it's not a violation of current law.

It's not a party issue but rather a power issue, institutions that have it
won't give it up on their own.

~~~
brousky
Imagine you just took office as President, you could technically order this to
stop. Would you really?

If you do it, you'll piss off everyone in charge of homeland security. The
second something bad happens, you know these people will do everything to
undermine your authority. US elections are already about who's tough enough to
protect the USA, imagine after that! Damn if you do, damn if you don't.

Reality is the people's desire for safety and security is the reason
surveillance like this exists. Unless the USA stops doing things that make
other people want to kill innocent Americans, homeland spying, as unacceptable
as it may be, is probably the only way to provide that security.

Not sure what the solution to shit like this is but I doubt it's like-minded
representatives in Congress.

~~~
tnorthcutt
_Unless the USA stops doing things that make other people want to kill
innocent americans_

Evil people, or people with evil intentions, exist. Period. Full stop. There
will _always_ be people who want to kill innocent Americans. Period. Full
stop. Just as there will _always_ be people who want to kill innocent
$CITIZENS_OF_COUNTRY_NAME.

Blaming an entire country for the evil actions and intentions of people who
kill innocents is a copout of fantastic proportions. The existence of evil
(killing innocents) does not excuse more evil (the government of the United
States committing unmitigated mass-scale Orwellian spying on the citizens of
the United States).

~~~
Myrmornis
I would expect people on this site to have a slightly more sophisticated
understanding than that. There are these things called numbers. It's not a
binary question of whether or not the actions of the USA are to blame for
reactions against the USA, it's a question of whether the USA's actions cause
more frequent aggressive reactions.

~~~
Floegipoky
That logic is flawed. Those numbers indicate correlation, not causation.

~~~
Myrmornis
That logic is flawed. Some subset of instances of correlation reflect
causation. A huge portion of scientific enquiry is based around establishing
correlation because prior mechanistic, theoretic and empirical study deems a
causative link plausible. Would you wish to do away with the collection of
data on correlation? My comment was made in a context in which a causative
link is clearly plausible (that American foreign policy makes people angry).
Therefore quantitative study of American foreign policy actions and instances
of angry foreigners would be a perfectly valid exercise. "Correlation is not
causation" is a gentle reminder not to make facile inferences found in
undergraduate textbooks -- you appear to be under the impression that it's
some sort of death blow to scientific epistemology.

------
StavrosK
This is why I believe we need simple, widespread encryption that is enabled by
default. There are many applications which offer strong guarantees, such as
Silent Circle (for whom I work), RedPhone, and even iMessage is pretty secure,
from what I gather.

Many chat clients have OTR support, SIP has ZRTP, etc. There are alternatives,
unfortunately the really popular methods don't make security a priority.

~~~
magicalist
Encryption wouldn't do you any good in this case. They're looking for who you
are contacting, not what you're saying. You'd need to move all telephony onto
something like Tor to get around this (and your ISP could still tell what end
points you were connecting to, when you were connecting to them, etc).

~~~
olefoo
Real-time synchronous communication ( like phone calls ) is pretty hard to
hide, it uses bandwidth and takes up space on switches and needs low latency
to work at all ( make a voip call to someplace that only has satellite
internet to see how bad it can get ). If you're serious about hiding your
communications; either build physical networks that you control and limit the
amount of traffic visible to the public network ( i.e. trunking calls ) or
send messages steganographically encrypted in pictures of your cat you post on
Facebook.

------
jessaustin
I'm glad there are news organizations outside the USA.

~~~
dguido
PROTIP: the guy who wrote the article is a US-based journalist.

~~~
redcircle
Since everyone is pointing out that he actually resides in Brazil most of the
time: that is not by choice, but because the U.S. won't permit his significant
other to enter the country. His reporting focus is always the US. He was a US
constitutional lawyer before becoming a journalist.

------
charlieok
I'm actually surprised that it's only metadata and not a complete capture of
the contents.

Or will we learn later that there's another more secret order for that?

~~~
pvnick
I assume that the cost and complexity of doing analysis on the millions
(billions?) of phone calls daily limits even the government to metadata
analysis, from which they likely issue orders for the contents of specific
conversations based on statistical anomalies that may indicate whatever
they're looking for.

~~~
danbruc
Recording all US telephone calls costs only 2 million dollars for hard drives
per year. Of course plus bandwidth costs, electricity and so on, but it is far
less than at least I would have expected. Analyzing all the calls is of course a
whole different story but I am not convinced it is not feasible or will become
feasible in a not too distant future.

------
rlx0x
That's hardly surprising, it is widely known or at least suspected that the NSA
collects and stores all telephone communications, and not just metadata but
the actual content as well. The capabilities of known and unknown US
intelligence agencies are a state secret and the public will never know
anything for sure.

This gives you an insight over what the public _thinks_ to know so far:
[http://www.guardian.co.uk/commentisfree/2013/may/04/telephon...](http://www.guardian.co.uk/commentisfree/2013/may/04/telephone-calls-recorded-fbi-boston)

------
LowKarmaAccount
The NSA stopped caring about your privacy after 9/11 — just read about the
demise of project ThinThread [1].

[1] <https://en.wikipedia.org/wiki/ThinThread>

------
jessaustin
Hahaha I guess _some_ people noticed what happened to Joe Nacchio.

~~~
gyardley
Seriously. When the first executive to say 'no' to the government has his
entire life put under a microscope and ends up going to prison for something
'unrelated' that they managed to dredge up -- yeah, people are going to draw
the obvious conclusions.

------
runjake
Direct PDF link: <http://s3.documentcloud.org/documents/709012/verizon.pdf>

------
detcader
Everyone should realize one thing that makes this news slightly less scary,
but still scary nonetheless: the order only applies to "Verizon Business
Network Services", which is not the entirety of Verizon Communications.

While this still means that the metadata from millions of phone calls by
random people, possibly from phones not even on Verizon who were simply
calling VBNS phones, have been vacuumed up by the government, it also means
that not "all" Verizon phones are meta-tapped as the article seems to
insinuate (tagline, picture caption).

Glenn has done incredible commentary and reporting for many, many years; I
hope this story will be only the beginning of his contributions and shake-ups
to the discourse and activism against the U.S. surveillance oligarchy. Anyone
who hasn't been reading his pieces whenever they come out is missing a
phenomenon in human history.

~~~
kalleboo
Although this only means that the order for VBNS was released - for all we
know every telco could be under a similar order that just hasn't been leaked.

------
superuser2
The document included applies to "MCI Communications, Inc. d/b/a Verizon
Business Network Services,"

My Verizon iPhone is with "Cellco Partnership d/b/a Verizon Wireless," a
separate legal entity.

Do we know that this order actually applies to individuals' phone calls? It
seems the document would only apply to enterprise customers.

~~~
detcader
I mean, the only phone calls ever made are between individuals; but yes, this
order only applies to calls involving VBNS phones, not all Verizon phones in
general as this article implies and many MSM outlets are saying.

That makes it no less scary; VBNS has hundreds of thousands of customers and
people who make calls to VBNS phones from unrelated also probably had their
metadata sent to the government.

~~~
superuser2
Wouldn't an enterprise's call records be by definition "business records" and
not subject to the same protection as the communications of the people? I'd
imagine a lot of VBNS customers are already subject to Sarbanes-Oxley and
other regulations that require holding onto and turning over business records
to interested parties.

------
bbakkd
So do we get any say in what our government is allowed to do?

~~~
rayiner
Sure. It's called voting. But you don't get to pretend that you have no say in
what the government is allowed to do just because the majority of voters don't
care about your pet issues.

My mom doesn't care about electronic surveillance. Neither does my dad, or my
wife. The vast majority of my friends (mostly non-techies), don't care. Just
look at the success of Facebook and Google. People don't care about electronic
privacy in general, and most don't try to draw strained distinctions between
data they freely share with big corporations and data they think is okay for
the government to have. A lot of them do care about preventing terrorism,
however. So how can you sit there and pretend the will of the people isn't
being served?

------
yread
Glenn Greenwald also commented on the article in a reply to a comment
requesting "the other side" view :

GlennGreenwald:

@strangemartin > Can't help feeling I'm only getting one side of the story
here.

There's probably another court order that I've decided to hide from you that
reads: "About that last order: just kidding. The government is only entitled
to get the phone records of people about whom it has presented evidence of
wrongdoing".

------
Duhck
Good news everyone, an entire generation or more of people don't make phone
calls regularly. We use text based forms of communication that are ideally
encrypted. Also this data is just metadata, I see no reason they are tracking
little jimmy and his four phone calls a week to mom.

~~~
mtgx
Well, it's a good thing FBI is asking for web services wiretapping backdoors,
then!

[http://www.wired.com/threatlevel/2012/05/fbi-seeks-internet-...](http://www.wired.com/threatlevel/2012/05/fbi-seeks-internet-backdoors/)

------
vixen99
In a flash it's occurred to me that the sharper would-be perpetrators of
antisocial acts might now decide not to use the telephone to communicate their
dastardly plans. However all is not lost because the information collected
will no doubt be put to good use.

------
Myrmornis
To what extent do we know whether the same thing is happening in other
countries? Do modern democracies tend to have laws that protect the public
from this sort of indiscriminate surveillance?

~~~
marshray
> To what extent do we know whether the same thing is happening in other
> countries?

In many countries there is a single national telco which is by law or in
practice a branch of the government.

> Do modern democracies tend to have laws that protect the public from this
> sort of indiscriminate surveillance?

Yes, to me this is a defining characteristic of a modern democracy. But they
all have a process by which governmental authorities can bypass those
protections in specific circumstances such as criminal investigations. This
takes the form of a court order or a subpoena.

This document appears to be a blanket grant, by a court, of a near-real-time
data pipe with no specificity whatsoever.

------
negativity
The worst part is that this is almost completely unsurprising.

------
contingencies
So is AMDOCS, largely construed as an intelligence conduit for Mossad.

~~~
marshray
Such a comment is useless flamebait without any actual sources and data to
back it up.

~~~
contingencies
No, it's truthful and should be respected.

~~~
marshray
I'm saying that "largely construed" is weasel words that waste my time and is
likely to create more heat than light. If there's something relevant to be
learned from a similar scandalous AMDOCS/Mossad connection then by all means,
link us to some reliable information.

There has been no shortage of folks on net forums such as this one repeating
"The US telcos are largely construed to be supplying data on domestic
telephone calls to the NSA". But that just hasn't proven useful without
specifics of the sort we saw revealed today.

~~~
contingencies
Essentially complete metadata is required for outsourced billing. AMDOCS
openly acknowledges that they provide outsourced billing to a slew of major
telcos across the world. Many of us have experience that this even occurs
outside of the physical premises of the telco ("hosted billing"). That much I
know to be true, but you are welcome to draw your own conclusions or remain
skeptical.

The NSA interception thing is an additional concern, but given the European
Parliament report into Echelon from 2001, William Binney's recent reports
from within the upper management of the NSA, the magnitude of their (black)
budget, recent confirmatory comments by other LE parties, and the sheer
magnitude of independently verifiable NSA construction projects in progress,
it must be difficult to maintain much skepticism there.

------
kevinSuttle
I love how the @Verizon and @VerizonWireless Twitter accounts are happily
tweeting along promotions like nothing has happened. Also, the early
termination fees are going to be laughed right into a class action suit after
this little mishap.

------
notdrunkatall
Everyone should see this relevant NYT short about William Binney, a 30 year
veteran crypto-mathematician for the NSA who designed the program that is now
being used by the NSA to spy on us all:

[http://www.nytimes.com/2012/08/23/opinion/the-national-secur...](http://www.nytimes.com/2012/08/23/opinion/the-national-security-agencys-domestic-spying-program.html)

His story was corroborated by Mark Klein, a former ATT employee who amassed
evidence that the NSA was, with ATT's complicity, running a data-gathering
node in room 641A of ATT's San Francisco building:

<http://en.wikipedia.org/wiki/Mark_Klein>

This is not some conspiracy theory. It's happening, and no one seems to care.

~~~
spodek
> "This is not some conspiracy theory. It's happening, and no one seems to
> care."

Do you ever feel like a frog recognizing the water is boiling and you don't
know what to do?

Or like you're looking at what Jefferson, Adams, Washington, and the other
founders fought and wrote the Declaration and Constitution over, but everybody
is acting like it's easier just to pay the stamp tax?

Or both?

~~~
smacktoward
Unlike the Founders, we have tools at our disposal to change things. We elect
our own representatives. We are free to organize an opposition. We have a free
press -- and in the age of easy and cheap online publishing, that's a power
that anyone can exercise, not just media barons.

We have lots of levers short of revolution that we can push on to move policy
in directions more respectful of the rule of law.

The only question is whether anyone cares enough to use them.

~~~
bobwaycott
Fairly serious question:

You really think that actually has any significant probability of working in
the US?

~~~
rayiner
Would it work if people tried? I bet it would. Will people try? No, because
they don't care about this issue.

The refrain of democracy being broken in America is getting old. It's not
broken--you just don't like that the majority has a long list of issues it
cares more about than privacy. We are getting the things people care about:
legalized gay marriage, continued access to abortion, welfare spending, social
services for the elderly. We're fighting the good fight on issues that aren't
quite there yet: universal healthcare, etc. Democracy is alive and kicking in
America.

~~~
brymaster
You're describing wedge issues that politicians use to get people to fight red
vs blue. Anyone that has ever brought up the subject of privacy and domestic
spying has been lambasted as a conspiracy nut.

~~~
rayiner
They are wedge issues because people care. You don't see teenagers standing on
the sidewalks getting people to sign petitions to address domestic spying
after all.

~~~
brymaster
No, they are wedge issues because politicians are able to divide voters
through manipulation, dogma and money from lobbying power. Once a politician
tells voters (or teenagers) that domestic spying is an 'issue' then they'll
care. That's how the game works.

~~~
rayiner
Ah yes, the line of old democracy is a failure because people are idiots for
not caring about what I care about.

~~~
brymaster
Ah yes, the line where we pretend the government isn't run by special
interests and the game isn't rigged.

