- The NSA is actively scrubbing the collection and removing the identities of Americans
- The most egregious privacy violation that WaPo could find was a set of love letters between an Australian government employee and her boyfriend who went off to Afghanistan to join the Taliban
- In the process of doing this, the NSA is pulling out information on "a secret overseas nuclear project, double-dealing by an ostensible ally, a military calamity that befell an unfriendly power, and the identities of aggressive intruders into U.S. computer networks"
- The WaPo estimates that around 900k people's communications are caught up in the NSA's "incidental" collection
I could see an argument made for future abuse, but this really seems to fly in the face of grand conspiracy theories that we've been seeing for the last year.
The Privacy and Civil Liberties Oversight Board has found the section 702 program to be reasonable in its tradeoffs between 4th Amendment guarantees to American citizens, global privacy rights, and national security gains.
The Section 702 program appears to work by either analysts or tech support personnel entering selectors into XkeyScore and similar systems(The Upstream Program) that look at network packet flows. Analysts are expected to justify even thinly that a selector is "foreign".
The data returned from a selector is both returned to the requestor and moved into a long term archive accessible by many NSA personnel.
So we believe from Jacob Applebaum's reporting that visits to https://www.torproject.org/ are tagged as valid selectors in Xkeyscore. It is indicated that these selectors are re-tasked so that once your identity is tagged your selectors are logged across the network.
We have independent corroboration that Tor and Tails are recommended tools among groups that threaten national security. The question is it worth the cost to have the journalists, human rights worker and technologists who also depend on these tools in the NSA long term archive?
The main takeaways of Barton Gellman's article are
1. NSA tech support personnel have unaudited access to XkeyScore selectors and the raw take. Numerous officials have testified to the contrary. This expands the potential for misuse.
2. The minimization process is not terribly robust. There is an enormous amount of constitutionally protected communication in the NSA full content database.
What we are seeing here is the other side of the story. The tracking of valid terrorists, monitoring overseas nuclear projects and military events etc. I have no doubt that this article is a heavily redacted view of things but any criticism of reform of the NSA has to accept the need for these kind of actions.
Additionally, I hate how "the people" never hear about real intelligence that is of public concern (i.e. double-dealing by allies). What is the purpose of hiding this information from the public?
On the media side, government intelligence successes aren't going to garner many eyeballs unless it's something huge. It would be similar to publishing a constant stream of minor military successes - if anything, they read more like propaganda. You're going to get a lot more readers by scaring the people into thinking that an Orwellian surveillance state has been constructed around them than telling them about something happening on the other side of the world that won't actually have much impact on the Average Joe's day-to-day life.
For the same reason, the government keeps falling back on terrorism as justification for spying since everyone was affected by 9-11 in one way or another instead of bringing up things like nuclear non-proliferation, trade agreements, intellectual property theft, etc.
The first is a problem with the lack of transparency. The NSA, the Congress or the POTUS never told American citizens: hey, we are going to be reading your emails in order to keep you save. Are you OK with that?
The second is a thought experiment. Would you feel as comfortable as you do with this, if instead of the US doing it, it was Russia, China or even North Korea? And now, to give it a different perspective, remember that the US is one of the countries that has killed the most people in the last 50 years outside of their own territory.
I'm not okay with the lack of transparency, but I acknowledge that some degree of secrecy needs to be kept to maintain the effectiveness of intelligence operation. As an example, I remember seeing a snippet from an interview once where General Alexander even said they should have been more open with the public about the 215 program (I can't seem to find the link right now). We haven't heard much about the similar e-mail program that was discontinued back in 2011. If Snowden had stopped there, I don't think there would be nearly as much debate.
As a counterexample, those dragnet concerns don't apply to PRISM/Section 702, which is targeted exclusively against foreigners. I don't think there was any reason to notify every adversary in the world that our government could get access to their Gmail/Hotmail/Yahoo accounts. Snowden didn't open up a debate there, he unilaterally made a decision on behalf of the American people to reduce the effectiveness of our intelligence services.
As for the second thought experiment, no I'm not okay with that, either. That said, espionage is mankind's second oldest profession - they're not going to stop and it's silly to think that shutting down the NSA will somehow cause them to stop. Having an effective intelligence service targeting them is going to do more to keep them in check than voicing my disapproval online.
I don't think they are. I think the dragnet did started with good intentions, does bring some useful intelligence and is kind of useful.
The problem is the collateral damage is just too high, and the debate should be around that.
These are tough questions to answer - especially without hard facts. It's hard to have an honest debate when we the people are left trying to discern the actual facts somewhere between the secrecy and sensationalism.
THINTHREAD was designed by long time NSA personnel to protect privacy while providing comparable digital surveillance capability to ECHELEON's capability in the analogue world.
STELLARWIND was the full take and archive program.
The White House chose the lower privacy technology, forced the people involved in THINTHREAD into retirement and then prosecuted the whistleblowers.
Covered in depth here:
> Some of them border on the absurd, using titles that could apply to only one man. A “minimized U.S. president-elect” begins to appear in the files in early 2009, and references to the current “minimized U.S. president” appear 1,227 times in the following four years.
Barton Gellman clarified:
> Lotta questions on this. The 1200 references to “minimized US president” come when people talk about him in intercepted conversations.
So this doesn't confirm that the NSA was reading Obama's mail, like Russ Tice has claimed. But it does belie NSA's claims that Snowden had no access to FISA material, and cast doubt on all their "stringent" security procedures to prevent misuse of intelligence material. If Snowden could sneak out with it, what else could be done without their knowledge?
I would have added "legally", so it would read "In NSA-intercepted data, those not legally targeted far outnumber the foreigners who are"
Still, the specifics of data extraction aren't clear...are the NSA mining a data stream as they please from Facebook? Or are the Facebook transcripts, as detailed in the closing anecdote, a result of a data request in an ongoing investigation of a previously identified suspect?...which is, purportedly, the same kind of access any law enforcement agency can make.
Facebook did not enable SSL by default until about only half a year before Edward Snowden went public:
The absence of SSL and presence of plenty of fiber taps provides a pretty big big data stream to mine...
Significance buried with poor headline, also could have been broken up into multiple stories. This is def a top 5 Snowden revelation, with the added bonus of a denial from a top official.
Kind of anticlimax for the claimed "a four-month investigation by The Washington Post."
How could the article have been written to make the readers see it as "one of the top five?"
I also find the following claim problematic:
>> Many of them were Americans. Nearly half of the surveillance files, a strikingly high proportion, contained names, e-mail addresses or other details that the NSA marked as belonging to U.S. citizens or residents. NSA analysts masked, or “minimized,” more than 65,000 such references to protect Americans’ privacy...
So there were 65,000 minimized references in 160,000 documents. But we also know that a "minimized reference" doesn't actually mean the a US person was the sender or the recipient - for instance, we know from Gellman that someone talking about President Obama would constitute a minimized reference. The first sentence, "Many of them were American" is not quantified, likely because the Post doesn't actually know how many participants in the intercepts were American.
Let's take one probable situation: Let's say Snowden took everything he could. That means there a gathering of data made by an employee at the NSA which results in 90% non-intelligence targets. What was the employee working on?
- Increasing the relevance of data? Not probable.
- Working on a usual sample of data? Most probable.
- Targetting non-intelligence targets on purpose? Scary and illegal.
So why aren't the terrorist evildoers hiding their few KB of text communications within multi-GB YouTube videos of cats and video games?
Commercial companies then built tools to identify most common steg, and AQ adapted by writing their own algorithms - which turned out to be not very good:
It still breaks down, because you need to pre-share the arrangement of how you will exchange information that is hidden in images.