It would be nice if these articles (especially in net-savvy Wired) included computability and physical access arguments defining the current limits of practical internet surveillance, scoping a bit the unbounded oh-my-god-they're-reading-everything. Distributed growth beats centralized (observer) growth, no matter how many cooperative agents (AT&T, etc). i.e. what's the current sampling ceiling?
Does anyone believe that they're really going to stop? How about that that it didn't start during the Clinton administration (if the capability existed)?
Tice said the NSA analyzed metadata to determine which communication would be collected.
The analysis of metadata -- signals intelligence -- is NOT covered under the consitution. Likewise node analysis or lots of other forms of mathematical intelligence gathering.
If the NSA can string seven communications nodes together to hone in on an accurate communications channel for terrorists to their sponsors/members/operatives, then they are doing their job. This critical work should not be lumped in with everything else.
Now the actual recording of calls and data of communications, as opposed to metadata -- that's another animal entirely.
Instead of grandstanding (and I'm a liberarian, so it's really hard not to grandstand on this one), we should try to take the concept of foreign intelligence into the world of IM, SMS, E-mail, and all the other new forms of data which live all over the world (including on U.S. servers)
I'm not making apologies for NSA. I'm simply pointing out that they are charged with doing an important job. They might be screwing it up, but that doesn't make the job go away. The last thing we want is another 1970s where Congress so crippled the intelligence agencies based on previous bad behavior that we were mostly blind in terms on HUMINT up until 9-11. Politicians and media outlets have a tendency to try to make audiences as emotional as possible -- which is exactly not what we want to do with something as important as this.
Traffic analysis is a GREATER danger to innocent bystanders than recording calls, because it is all hearsay and unproven.
if they tap my phone calling for a takeaway curry then it's obvious I'm innocent. If they just log that I call that number and later somebody they are 'watching' calls that same restaurant (because their relative works there) then I am secretly linked to that person in some database - this doesn't get examine in court - but I now have 'links to terrorists'
One: you are confusing criminal law with intelligence. "hearsay" and "unproven" are criminal law concepts, used when the state wishes to deprive you of some of your rights, such as when you are being investigated or prosecuted.
Two: you are representing "link to terrorist" as some sort of boolean condition when in fact it's multi-dimensional. EVERYBODY has links to terrorists. I call the neighborhood pizza store who has an owner that SMSs PeeWee Herman on a regular basis who visits the web site of a known supporter of Hamas. We're all linked to terrorists -- it's like the seven degrees of Kevin Bacon concept. The point of meta-analysis is to take all of that random noise and gather meaningful meta-data in order to pursue.
Once the government becomes interested in me, personally, we start moving from intelligence to crime -- assuming I am a U.S. citizen. If I am a foreign citizen, then it's simply plain old intelligence-gathering.
The weirdness is that multi-node transports now can cover areas of both criminal law and intelligence gathering, but the laws are all written for one or the other. There has to be some allowance for work in-between the two concepts.
We have some precedence. It's legal, for instance, for authorities to search your trash without a warrant.There is no presumption of privacy when using computers owned by somebody else, such as your employer.
There's a lot of legal work to be done in these areas. I want the government completely out of my life, but that ain't happening. In any society in which a strong contingent wants to control and shape every form of energy I use (to prevent global warming), then we've gone beyond the old days and are in new territory. The game now, from a libertarian viewpoint, is damage control.
EDIT: I can see where we might have a misunderstanding. When you're concerned that tracking the types and messages from you is infringing on your rights, you're assuming that the government can identify you. I have no idea how NSA is doing its work, but the idea of signals intelligence is that people are just nodes. The association of the data with your identity is another subject entirely. (Of course, attributes about the node, such as location, occupation, religious history, etc. are fair game. Just not identification. Who you actually are is irrelevant.)
Yes I do know how it works - my company produces the software that does this for your bank, your credit card and a bunch of 3letter agencies (hence the one-shot username).
What we hand over is a big list of names that are 'linked' (for whatever degree of linked they asked for) to the terrorist/criminal/transaction in question.
The tenuous definition of'match' required by some of these customers is scary, two arabic surnames beginning with Al are assumed to have a 50% match for one agency, all chinese with the surname 'Ng' are the same person according to another!
I'm sure that somewhere in military intelligence somebody understands sifting for real patterns in this. But compared to the number of people who get refused loans, get extra security at airports or listed as 'persons of interest' the next time a child is abducted - all on the basis of a 6th degree of separation.
I'm sure that somewhere in military intelligence somebody understands sifting for real patterns in this.
Then this guy needs to revamp the system. It sounds like it is horribly broken.
Having said that, you have to look at the cost-benefit ratio of both false negatives and false positives for any kind of discrimination engine. Life isn't black and white. If Fred Smith has a nuke and is somewhere overseas (and we know he'll use his real name), I'm more than happy to carefully watch all the Fred Smiths overseas that are making any kind of travel or shipping arrangements, civil liberties have nothing to do with it. That is traditional intelligence, as it applies to foreign citizens.
And this is where the conversation breaks down. Criminal law has no allowance for any kind of false positives (it is not tolerable for anybody to go to jail when they are innocent). Intelligence, on the other hand, is always dealing with probabilities -- you never expect to know fully one way or the other.
There's a fundamental incompatibility with both systems such that when they interface the language doesn't work any more. It's not going to work to try to force the concepts of one world on the other. We have to have a reasonable discussion somewhere in the middle.
Here's what I know and it seems pretty obvious: if a subversive is looking to move information between him and his cohorts, they will make it nearly impossible for the NSA or any other national organization to either: 1) locate messages or if they do, 2) break them.
(Sorry, but unless the government has figured out a mathematical backdoor to standard RSA-style encryption, any nefarious organization can just add a few more bits to their encryption to stay ahead of the code-breakers and their hardware.)
I'm going to assume that real subversives are going to go to extreme lengths to ensure their communications aren't compromised.
The government isn't stupid, they know this. So who the heck are they listening to?
It leaves us with communications by folks who want to use their 1st amendment rights to talk about anything under the American sun, and will most often do it in clear-text as it passes through routing equipment.
The parsing and archiving of this type of information -- is what is truly scary:
"See this note you wrote to someone else in 2005 talking about 'overthrowing rabid monkeys', well you wrote it, so off to the dungeons you go! Muhaha!"
It is quite ironic that people here are all up to date with every social media trend du jour and talk of "social graphs" and link analysis of friending and tweets as if this whole field is somehow new and unexplored but never think for a moment that they are wandering through some very well-travelled territory. Traffic analysis is nothing new, they are very good at it, so even if the contents of the messages remain completely opaque it is still possible to get useful intel just by knowing who is talking to whom.
It sounds obvious to us, but maybe you overestimating the intelligence of the average suicidal terrorist.
For the high level people you are probably right. I'm sure the kingpins either never use phones and internet, or RSA encrypt everything.
However, I would think the low level terrorist grunts are occasionally going to make mistakes and talk about things they shouldn't on the phone with family and friends.
Well said. I think a real debate needs to take place about gathering all forms of intelligence by "macro-polling." A traffic cop polls each car with a radar gun looking for speeders. A cop walking the beat polls pedestrians for suspicious behavior. Are my civil rights being violated simply b/c a cop looks at me in the street? Should cops simply stay at the station and wait to be called?
I think a lot of this meta-data network analysis is analogous to the traffic and beat cops. I'd be interested to whether or not people think that's true...
The metadata was NOT collected because the NSA cared about adhering to constitutional safeguards, they did it out of practicality. They were operating in an utterly intractable and vast ocean of communications information that could not possibly be monitored wholesale. When they thought they should transgress the line of metadata (assuming for a moment that "metadata" is for some reason less private) they did.
>Now the actual recording of calls and data of communications, as opposed to metadata -- that's another animal entirely.
This is exactly what they did, and it was in facilitation of precisely this purpose that the metadata was gathered. As it says in the article:
>Tice said the NSA analyzed metadata to determine which communication would be collected. Offering a hypothetical example, he said if the agency determined that terrorists communicate in brief, two-minute phone calls, the NSA might program its systems to record all such calls, invading the privacy of anyone prone to telephonic succinctness.
and:
>he discovered that the NSA was collecting the organizations' communications 24 hours a day year round.
Over and over again, defenders of wiretapping and invasions of privacy have tried to suggest that issues of security become so grave or complicated that at some point our rights to privacy fall away, or are impossible to guarantee, as though they don't operate in tandem, but rest on polar opposite ends of a sliding scale.
Why do I hear a defeaning silence the moment I ask if this power is open to abuse? What stops the NSA from being ordered to gather metadata on political opponents, activist organizations, or news reporters? What stops them from learning what those communication channels are, thereby obtaining the power to disrupt them? This is exactly what happened. Doesn't this scare anyone?
Where is the differentiation between abuse and dutiful defense of country? Where is even the acknowledgement of the possibility of abuse? I don't see it, and until it is recognized, we leave unchecked the issue rampant abuse of power under the guise of fighting the glorious fight against terrorism.
Just as the technology enables the "war on terrorism" to spill over into dimensions unanticipated by the framers of the constitution, requiring that we supply our intelligence agencies with new legal tools to continue the fight, there is a paralell duty that we prevent the government from seizing the same space for the purpose of advancing surveillance state powers.
You're making a long-winded argument against what the NSA actually did. My point was to look at the entire picture when evaluating such wrongs. Fix the bad stuff. Leave the good.
Now make a case for why we need the NSA. Then we'll be on the path to some kind of progress. By only pointing out the bad, it's a one-sided discussion. Nothing in life is one-sided.
For a freedom to mean something, it has to be delineated -- i.e., it must have limits. Can't cry movie in a crowded firehouse. etc. I'm completely with you on the freedom discussion. I just don't hear any delineation.
Outrage over legitimately outrageous behavior from the NSA does not imply that there is some sort of unbalanced perspective that needs to be tempered.
At any given moment this debate needs rest on a larger foundation of common understanding if any progress it to be possible. It is completely unfair to project into that unspoken space an extreme, one-dimensionsal and altogether unlikely position, and then say there is a lack of balance because the person hasn't yet distinguished themselves from it.
No one should have to defend their love of country every time they criticize the Iraq war. Similarly, no one should have to prove that they understand the nuances of legitimate anti-terrorism operations just because they express legitimate outrage over a legitimately outrageous event. It is curious why anyone's first instinct would be to demand such a thing, in the face of the towering need for public outcry.
We don't need the NSA. Signal intelligence is great for fighting countries, but it will will fail because terrorists are a tiny minority hiding in a huge sea of humanity. I am all for the CIA and FBI but we just don't need a the huge budget of the NSA for anything right now and because of this they can't really help.
Correction: I have no problem with the NSA building secure systems but that's a tiny fraction of their budget.
> The analysis of metadata -- signals intelligence -- is NOT covered under the consitution.
I suppose it's also okay to perform routine warrantless searches on dwellings, as long as they're only sending a robot in to sniff for certain chemical compounds. It's just an automated analysis, and the only time a human would see the results is if there is a positive hit, at which point there's suspicion for a warrant.
They are not performing an invasive search of a location where you have a reasonable expectation privacy, they are performing a stakeout of a particular group of people in a busy train station; you may ask one of these people for directions and become a brief subject of interest but the observers are looking for patterns more than specific interactions.
If you don't want people to know who you are communicating with then stop putting publicly-visible txp headers on your packets :)
I'm all for defeating these creeps through mix networks, but to use that avenue as justification for mass surveillance is pretty terrible.
When somebody picks up a phone, they most certainly do have a "reasonable expectation of privacy". The right of free speech certainly includes anonymous speech, and forcing the communications carriers to install bulk snooping gear is a wholesale infringement of this right.
Perhaps a better analogy would be forcing all laundromats to install sensors that detect chemical compounds on dirty clothes.
