
NSA collects millions of text messages daily in 'untargeted' global sweep - weu
http://www.theguardian.com/world/2014/jan/16/nsa-collects-millions-text-messages-daily-untargeted-global-sweep
======
pvnick
"Communications from US phone numbers, the documents suggest, were removed (or
“minimized”) from the database – but those of other countries, including the
UK, were retained."

I'm interested in knowing the specifics on this. US data goes into a database
and is then proactively removed? Minimization procedures [1] allow the NSA to
keep US data up to 5 years to determine where it's coming from. It's also kept
if "they contain usable intelligence, information on criminal activity, threat
of harm to people or property, are encrypted, or are believed to contain any
information relevant to cybersecurity."

So until the documents show otherwise, I assume that most of my text messages
from the past 5 years are in an NSA database, and all messages that my friends
sent to buy weed are there, perhaps being used to parallel construct criminal
cases [2].

And at the very least, _all_ of it would be visible to the systems
administrators...

[1] [http://www.theguardian.com/world/2013/jun/20/fisa-court-nsa-...](http://www.theguardian.com/world/2013/jun/20/fisa-court-nsa-without-warrant)

[2] [https://www.eff.org/deeplinks/2013/08/dea-and-nsa-team-intel...](https://www.eff.org/deeplinks/2013/08/dea-and-nsa-team-intelligence-laundering)

~~~
mortov
I would assume much longer. I have a recollection [i.e. I cannot build a
google query to find a reference right now] of some poor schmuck working with
a tribute band who asked him to send a text message of the lyrics to "Machine
Gun" (a Jimi Hendrix song). Something along the lines of 'please send us
machine gun'. He promptly replied with the words and a few hours later was on
the wrong end of an armed response team storming his house asking where the
machine gun was.

At the time the only explanation he could think of was his messages were being
intercepted but this was denied and the official explanation was he had
supposedly sent the reply text to the wrong person who called the police. His
phone logs showed he sent the reply text to the correct number but the police
just dismissed this with no explanation.

Now we have a more plausible explanation. This has apparently been going on
for a long time.

[Edit, for clarity, this was in the UK.]

~~~
berberous
Found it (first result for "machine gun lyrics mistaken sms police"):
[http://www.theregister.co.uk/2004/06/03/text_punk/](http://www.theregister.co.uk/2004/06/03/text_punk/)

"Devine, who plays in a Clash tribute band in his spare time, had sent a
message containing lyrics from The Clash's Tommy Gun to his lead singer who
had forgotten the words to the song.

According to The Sun, the message read:

    "How about this for Tommy Gun? OK - SO LET'S AGREE ABOUT THE PRICE AND MAKE IT ONE JET AIRLINER AND TEN PRISONERS"

The arrest has prompted speculation about how the message was intercepted.
Police maintain that Devine's message went astray. They say he actually sent
it to a woman in Bristol by mistake and it was she who alerted police to the
content.

However, The Sun also quotes Chris Dobson, a terrorism expert, as saying that
the interception clearly shows that GCHQ is monitoring all vocal and textual
mobile phone traffic."

------
moxie
I help develop TextSecure, an Android app which allows users to encrypt their
text messages:
[https://play.google.com/store/apps/details?id=org.thoughtcri...](https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms)

It's fully open source:
[https://github.com/whispersystems/textsecure](https://github.com/whispersystems/textsecure)

You can also sign up to be notified when it's released for iOS:
[https://whispersystems.org/blog/iphone-rsn/](https://whispersystems.org/blog/iphone-rsn/)

~~~
pilooch
I love textsecure. My problem is twofold: I don't know in advance who is
using it from my contacts, and I know for sure none of my non geek relations
is using it, not even for business stuff, which could make sense. And so as
much as I like it (thanks!!!) I am not convinced this is the solution. Am I
wrong?

~~~
r0h1n
As I understand, you can use Textsecure as your default SMS app which means it
will automatically send either a plain or encrypted message to a recipient
depending on whether they have the app installed or not.

Of course if you use a non-stock messaging app, like Handcent for instance,
you may not want to switch to Textsecure for other features/reasons.

~~~
hdevalence
No, you need to initiate a secure session manually, and my experience was that
unless you knew the other person was for sure using text secure, this could
cause problems, since if you tried to handshake with the other person using a
stock app, it could get stuck in the handshake. This was a while ago, so I
don't know if the problem still exists.

Text secure is great, though. Really, really great.

~~~
drdaeman
Wonder how this works:
[https://whispersystems.org/assets/screens/textsecure_upgrade...](https://whispersystems.org/assets/screens/textsecure_upgrade-cd8aa97e8693ba2f02030b0079ac63a4.png)

Unfortunately, there are no explanations on the webpage and I'm not currently in
the mood of reading source code to figure things out.

Maybe outgoing (unencrypted) SMS sent through TextSecure app are tagged as
"hey, we can upgrade this to secure comms". Then all you have to do is use the
app. But I really don't know.

~~~
leekleak
The current SMS-based version of TextSecure uses whitespace tagging for
contact discovery.

The next-gen data-based TextSecure protocol (which is currently deployed in
CyanogenMod's WhisperPush implementation of TextSecure, but not yet in the
Play Store app) uploads a hashed list of the user's contacts to the server for
contact discovery.

[https://whispersystems.org/blog/contact-discovery/](https://whispersystems.org/blog/contact-discovery/)
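
The hashed-upload contact discovery leekleak describes, sketched as an added example (not part of the thread and not TextSecure's code). SHA-256, the number normalisation and every phone number here are assumptions constructed for illustration; the last function shows why a bare hash does not hide a number from the server, since the phone-number space is small enough to enumerate.

```python
import hashlib
import re


def normalize(number, default_cc="1"):
    """Reduce a dialled number to '+<country code><digits>' (assumed canonical form)."""
    digits = re.sub(r"\D", "", number)
    if number.strip().startswith("+"):
        return "+" + digits
    if digits.startswith("00"):          # international dialling prefix
        return "+" + digits[2:]
    return "+" + default_cc + digits     # local number: assume the default country


def contact_token(number):
    """Hash of the normalised number. SHA-256 is an assumption for this sketch."""
    return hashlib.sha256(normalize(number).encode()).hexdigest()


def client_upload(address_book):
    """Tokens leave the phone; the token -> contact map stays on the device."""
    return {contact_token(n): n for n in address_book}


def server_match(uploaded_tokens, registered_numbers):
    """Server intersects uploaded tokens with tokens of registered users."""
    registered = {contact_token(n) for n in registered_numbers}
    return registered & set(uploaded_tokens)


def discover(address_book, registered_numbers):
    """Full round trip: which of my contacts are registered?"""
    local = client_upload(address_book)
    hits = server_match(local.keys(), registered_numbers)
    return sorted(local[t] for t in hits)


def enumerate_block(token, prefix, width):
    """Privacy caveat: whoever holds a token can hash every number in a
    block (here 10**width candidates) and learn which one it came from."""
    for i in range(10 ** width):
        candidate = f"{prefix}{i:0{width}d}"
        if contact_token(candidate) == token:
            return candidate
    return None


# Constructed sample data (fictional 555-01xx and Ofcom drama ranges).
ADDRESS_BOOK = ["(415) 555-0134", "+1 415 555 0199", "+44 20 7946 0958"]
REGISTERED = ["+14155550134", "+442079460958", "+14155550111"]

if __name__ == "__main__":
    print(discover(ADDRESS_BOOK, REGISTERED))
    unregistered = contact_token("+1 415 555 0199")
    print(enumerate_block(unregistered, "+1415555", 4))
```

The enumeration covers only a 10,000-number block; the same loop over a whole national numbering plan is why hashing by itself is treated as obfuscation rather than protection of the uploaded address book.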

------
jrochkind1
It's become like science fiction, or a bad joke.

Whatever you can imagine the most powerful intelligence agency imaginable
doing, the NSA is doing. I am literally unable to think of anything that the
NSA is _not_ collecting or controlling. Every SMS message sent? Yep. Location
data on every cell phone? Yep. Controlling a 100k-computer botnet, including
via radio transmitter to contact computers not on the internet? Yep.

I admit I can't keep track of it all; at this point I just assume that
anything I can imagine the NSA doing, it's either already been revealed that
they're doing it and I just haven't managed to keep track, or they're doing it
even though it hasn't been revealed yet.

~~~
tripzilch
How about that thing in the Dark Knight Batman film, where he hacks into all
the cell phones and then uses reverb / echo analysis to somehow create a 3D
volume rendering of the space.

They can't do that yet, right? Right?

~~~
jrochkind1
You know, honestly, thinking about it, I'm not feeling certain to say no.

First, could they get an audio feed of all or many of the cell phones in a
given cell?

Second, can, you know, Science, or science the NSA has, do that 'reverb / echo
analysis' thing?

I don't really know either way, but find the second one more dubious than the
first.

------
cryoshon
Great, let's start doing something about it instead of complaining. Here's my
cynical take on a back of the napkin recipe for political change:

1\. Call, write, tweet, and facebook your representatives, both local and
federal, and tell them what you think- be sure to inflate your credentials and
threaten to give money/votes/accolades to their political enemies. For bonus
points, tell their enemies the same thing. For even more bonus points, run as
a candidate yourself.

2\. Write/speak/act out in the public sphere, make sure to get as much
attention as possible and to be moderately vitriolic and abundantly populist
in your rhetoric. Use only words, concepts, and rhetoric that a dim 9th grader
would understand.

3\. Join a physical protest- if there isn't one near you, it's your job to
start one. I'd keep it nonviolent if I were you. I know that this isn't the
cup of tea for most HN readers, but there's no way around it: physical
presence matters, and the numbers of people who have protested surveillance
thus far have been extremely paltry. We don't have the luxury of waiting for
someone else to do it for us.

4\. Convince your less-enlightened friends and relatives to do items 1-5, or
at least be terrified of the government.

5\. Start again from 1; repeat until successful.

~~~
eevilspock
[https://thedaywefightback.org](https://thedaywefightback.org) There's also a
link there to a page that puts a #STOPTHENSA overlay on your Facebook and
Twitter profile pics.

~~~
cryoshon
I support this campaign. It won't work singularly, but it might be another
useful bullet point in fermenting dissent against the NSA.

There are two major hurdles to social change success which this campaign does
not overcome:

1\. There's no political threat being projected, just general, unfocused
discontent

2\. There's no hook to entice people who don't already care about the issue

~~~
sinak
Any suggestions on 2? We'd love to change the page to help improve that aspect
of it if we can. In particular on the day of action itself.

~~~
cryoshon
Focus on average joes/peasants who have been hurt/otherwise disadvantaged by
the surveillance.

If you can't find such an example, you need to take off the kid gloves and
explain clearly that endemic surveillance is a cause of AND an effect of
totalitarian governments.

Be sure to emphasize the historical incidences (STASI, Hoover, present day
China/Russia) in which surveillance has been abused in order to support the
narrative that once performed, surveillance will result in abuse.

As far as the day of action itself, I'd shift your focus onto trying to drum
up physical presence-- anyone with a campaign can flood the internet, but
flooding meatspace is much more difficult and also much more effectual.

EDIT: I thought about my comment for a while then realized it could be
re-worded and re-thought out in a very simple way.

Your movement needs agitprop. Find a hornet's nest for the average joe, then
hit it. Focusing on Aaron isn't the right way to go about that because most
people have never heard of him. I have more feedback; email me if you'd like.

------
angersock
From the slide, a subtitle:

 _SMS Text Messages: A Goldmine to Exploit_

Oy vey--they don't even care anymore, do they? They're not even trying.

Fuck it, have a friendly octopus:

[http://static3.businessinsider.com/image/52a3bb30eab8ea8a2d3...](http://static3.businessinsider.com/image/52a3bb30eab8ea8a2d3aff04-480/nrol-39-nothing-beyond-our-reach.jpg)

~~~
ogreyonder
I looked that logo up thinking it probably came from some sort of 70's science
fiction book about a dystopian future.

Nope, National Reconnaissance Office.

[http://en.wikipedia.org/wiki/List_of_NRO_Launches](http://en.wikipedia.org/wiki/List_of_NRO_Launches)

I mean, at least they're being honest!

~~~
joering2
Why "at least"? They couldn't before because the public would be sensitive. Now
with checkpoints everywhere, NSA spying, cavity searches, homeless people
beaten down to death by cops getting away with it, DOJ declining to
investigate bank scandals, IRS, Benghazi, Fast and Furious, they do not need
logos with pink teddy bears and stills of a happy family holding hands with
smiling children on the beach. The majority of the public HAS already got used to
this tyranny. Coming forward with less PR is a next, obvious and logical step.
After that: huge military boot on your face!

------
sinak
This is very clearly collection of the contents of messages, and not simply
metadata. The fact that US messages may later be "minimized" from the database
is vaguely helpful, but not much of a reassurance. That data should never be
collected in the first place, and bulk collection of international data is
also an unnecessary practice.

If this helps motivate you, we need all the help we can get with
[https://thedaywefightback.org](https://thedaywefightback.org). If you're a
designer, developer (including frontend, backend, devops, mobile app), get in
touch by emailing contact@thedaywefightback.org and we'll write back and let
you know when we need your skillset the most.

~~~
maqr
I'm curious why they labeled it "METACONTENT: Message Content". So it's
content about the content's content?

~~~
samstave
I'm picturing where they summarize or paraphrase the content of a message and
then label this rephrasing as "metadata" so as to deny they don't have the
actual content.

As if they were to compress the content then claim they do the original
content because it has been compressed.

I wouldn't put such lunacy past them.

Fuck the NSA.

------
fnordfnordfnord
> _" The note warns analysts they must be careful to make sure they use the
> form’s toggle before searching, as otherwise the database will return the
> content of the UK messages – which would, without a warrant, cause the
> analyst to “unlawfully be seeing the content of the SMS”."_

------
VexXtreme
I still don't understand something. If they are intercepting text messages
globally, how do they do that if two people are texting each other within
the borders of their own country using their national carrier? Their texts
never leave the country. Has the NSA somehow compromised or coerced various
carriers around the world to provide them with this data?

~~~
Tharkun
NSA and GCHQ apparently routinely backdoor international carriers. I vaguely
remember something about a Belgian carrier stumbling upon the backdoor and
struggling to remove it for months.

------
vermontdevil
By now there's pretty much nothing NSA is not doing to collect information
from everyone.

Now I wonder if NSA is able to penetrate services like WhatsApp, Snapchat,
etc.

~~~
tP5n
you probably weren't serious, but in the case anyone else is unsure about
this: whatsapp is and always has been broken from a security standpoint and
there is no need for the/a NSA to penetrate anything in their case. i wonder
how you could've missed out on what happened to snapchat lately though, two
links as some sort of a short introduction:

from late 2012, but a worthwhile read on whatsapp
[http://fileperms.org/whatsapp-is-broken-really-broken/](http://fileperms.org/whatsapp-is-broken-really-broken/)

and in the case anyone missed the snapchat debacle
[http://lookup.gibsonsec.org/](http://lookup.gibsonsec.org/)

~~~
vermontdevil
Of course not I'm not serious.

But what is not accessible to NSA?

However the fact that WhatsApp and Snapchat's popularity tells me that people
are not really educated about their true privacy and how completely broken it
is.

------
Tycho
I liked the NSA better when they were just called the Illuminati.

------
vavoida
metacontent (message content) & metadata -> smiley face, slide 2

interesting definition of metacontent

~~~
jsmeaton
That was the first thing I picked out too. From wikipedia (I know..):

> Meta ... is a prefix used in English ... to indicate a concept which is an
> abstraction from another concept, used to complete or add to the latter.

How is the entire message content abstract to the entire message content? It
seems like they've just added the prefix to get around some legal obligation.
What the fuck.

~~~
grkvlt
It's a bit more nuanced than that. What they seem to be doing is looking at
the contents for automated text messages such as missed call alerts or texts
sent with international roaming, and using that to _generate_ metadata such as
call data or geo-location data, called 'content-derived metadata'. So it's
generating new metadata records by analysing the content.

------
exo762
While NSA is busy being menace, you can mitigate damage by using TextSecure.

[https://en.wikipedia.org/wiki/The_Guardian_Project_%28softwa...](https://en.wikipedia.org/wiki/The_Guardian_Project_%28software%29#TextSecure)

------
elwell
Use iMessage instead if you care. I for one welcome our new overlords.

~~~
uptown
It's implausible that they've decided to capture text-messages, but turned a
blind-eye to iMessage.

~~~
elwell
But they may not be able to crack iMessage.

~~~
doc_holliday
I think it has got to the point, all revelations considered, where we can't
hope or assume any encryption is safe.

Technology can't prevent this, we must change laws. Which at present, seems
almost as unlikely.

~~~
benmanns
Technology can help to a certain extent, but only if open source and handled
client side. No amount of encryption on Apple's (or any company's) end will
matter, because users can no longer trust them.

------
easy_rider
NSA sure love their double forward slash and smiley faces

------
WalterBright
Notice in the Arod scandal that all his text messages have been made public?
Was there a warrant for that?

~~~
greenyoda
I'd assume that if government investigators got his text messages, they had a
warrant. If they didn't, the messages wouldn't be admissible evidence in
court. And if the messages were presented in court, they're now a matter of
public record.

But what does that have to do with the NSA?

------
gathly
this is shocking news back in July.

------
peterkelly
"Content derived metadata"

Nice.

------
dangayle
No mas

------
jonhmchan
Good god.

------
fit2rule
Time to turn the tools on these traitors.

~~~
easy_rider
You also re-watched Enemy of the state (1998) last night?

~~~
samstave
Heh, I have been!

I downloaded it (For the NSA, that means I torrented it from thepiratebay,
just so we are clear)

And I have been watching it... One of the best documentaries I have seen in a
while...

~~~
whatevsbro
> I downloaded it (For the NSA, that means I torrented it from thepiratebay,
> just so we are clear)

Oh you don't have to _tell_ them that :p

------
zacinbusiness
Who is making these piss poor presentations? They're hideous and terrible. I
could look past the gross invasion of privacy if they would at least spend 10
minutes building some decent designs. Get it together, NSA!

