Posted on 05/15/2006 10:00:07 AM PDT by Ernest_at_the_Beach
n spite of what some of our readers may think, I really do try to keep to a minimum the number of civil liberties posts I write per month. For instance, after my two most recent posts, I'd resolved not to write any more on the matter for a few weeks. Unfortunately, revelations about the scope of the American government's secret domestic spying activities just keep coming.
USA Today just went to print with some alarming new details on the NSA's citizen surveillance activities, and I've put together a few more pieces that show more revelations will probably come out. What USA Today has uncovered is, it appears, one piece of a larger program that's identical to the infamous Total Information Awareness (TIA) program that Congress has tried to nix multiple times over the years and that lives on under the codename Topsail. The program was transferred from its original home at DARPA to the NSA, and has been active for years.
The new USA Today article reveals that the NSA has been collecting and archiving "transactional information" on all domestic calls made within the US—who called whom, when, from where, etc. The transactional data is acquired from cooperating telcos (AT&T, Verizon, BellSouth, but not Qwest) and fed it into a massive database so that the NSA can analyze the collected calling patterns for clues as to possible terrorist activity. Contrary to what the government has publicly claimed about the NSA's massive signals intelligence (SIGINT) vacuum, there is no requirement here that one end of the call be located in a foreign country; we're talking about calls between me and my grandmother, and in fact about every call I've ever made over the past few years.
The NSA's domestic program began soon after the Sept. 11 attacks, according to the sources. Right around that time, they said, NSA representatives approached the nation's biggest telecommunications companies. The agency made an urgent pitch: National security is at risk, and we need your help to protect the country from attacks.
The agency told the companies that it wanted them to turn over their "call-detail records," a complete listing of the calling histories of their millions of customers. In addition, the NSA wanted the carriers to provide updates, which would enable the agency to keep tabs on the nation's calling habits.
The sources said the NSA made clear that it was willing to pay for the cooperation. AT&T, which at the time was headed by C. Michael Armstrong, agreed to help the NSA. So did BellSouth, headed by F. Duane Ackerman; SBC, headed by Ed Whitacre; and Verizon, headed by Ivan Seidenberg.
With that, the NSA's domestic program began in earnest.
USA Today notes that the telcos are only providing phone numbers and transactional data to the NSA, and not personally identifying information on the callers themselves. This is cold comfort, though, because my complete call history can be linked to me and to most of the relevant data about me (name, SSN, address history, credit rating, etc.) through my phone number(s) using an array of commercial databases, giving the government a complete picture of who I am and who I'm connected to. In other words, this transactional data is easily integrated into the Big Database in the Sky that for years the government has been trying to build in various departments and under various codenames. But more on that in a moment.
You might recall from our earlier coverage of a related instance of law enforcement overreach that government access to phone call transactional data is regulated by 18 USC 2703, which stipulates that the government doesn't need to show "probable cause" when petitioning for a court order to obtain this information on a customer. The standard that the government must meet is set at a lower threshold than probable cause, but it's not set at zero.
Crucially, the NSA's data-mining program not only dispenses with probable cause, but it dispenses entirely with the court order and thus with the lowered standard of evidence.
Think about that for a moment: the program is secret, and there is no judicial or congressional oversight (as of today, there's not even any executive branch oversight from the Justice Department), so the national security establishment has arrogated to itself carte blanche to snoop your phone activity and possibly to detain you indefinitely without a warrant based on what they find.
The original revelations about the NSA's SIGINT vacuum were just the tip of the iceberg, and the new revelations show us just a little bit more of the beast. Based on a few fairly recent stories we've run here at Ars, it appears there's probably more that we've yet to see. Much more.
Exhibit A is the story I linked above, about the feds getting a judicial ruling that extends the definition of "transactional information" to the data about your physical location that cell phone records contain. Law enforcement can now track your physical location via your cell phone without showing probable cause, so the precedent here is that, in the absence of clear laws governing this specific type of data (i.e., cell phone location data) the definition of "transactional data" is being stretched to fit new types of communications "metadata."
Now let's look at Exhibit B, which is an article on an AT&T whistleblower who spilled the beans on the NSA's secret surveillance rooms at major telco hubs. Inside these surveillance rooms is NSA network traffic analysis equipment, which is hooked into the fiber optic feeds of the main network via splitters that can siphon off signal for the NSA to snoop. The NSA then passes this siphoned signal through some heavy-duty traffic analysis equipment from a company called Narus. Here are just a few things that one of the Narus products can do, according to the product web page:
And here's what the "intercept suite" add-on module lets you do with this device:
You can probably see where I'm going with this by now.
Let's recap:
Now, does anyone seriously think that the NSA is not collecting transactional data (at a minimum) for Web, email, FTP and other IP-based communications, and/or that they're not tying all of this data to individual users?
Just in case you're not convinced that the NSA is, right now—not at some unspecified point in the future, but at this very moment—compiling a complete and customized voice and data communications profile of every US citizen and mining all of those profiles for "terrorist activity," take a look at these paragraphs from a 2002 Wired article that we linked in this post.
It's a system which, it hopes, will ferret out terrorists' information signatures -- clues available before an attack, but usually not correctly interpreted until afterwards -- and decode them prior to an assault...
According to the IAO's blueprint, TIA's five-year goal is the "total reinvention of technologies for storing and accessing information ... although database size will no longer be measured in the traditional sense, the amounts of data that will need to be stored and accessed will be unprecedented, measured in petabytes."
Our own coverage also pulled this quote from the now-defunct DARPA page for TIA:
According to DARPA, such data collection "increases information coverage by an order of magnitude," and ultimately "requires keeping track of individuals and understanding how they fit into models."
The USA Today report, in conjunction with other reports on the nature and scope of the NSA's communications surveillance activities, paints a picture of a massive data collection program that is in operation right now and is essentially an implementation of the very same TIA initiative that Congress has repeatedly tried to stop. Contrary to what DARPA claimed when they publicly started taking bids from companies to get involved with TIA, this program apparently does not require some "revolutionary" technology that's years in the future. It is being done now, with today's technology.
This should come as no surprise to anyone who's been paying attention. Earlier this year, we linked a Newsweek article that reported that TIA was still around in the form of a program called Topsail. Late last month, Technology Review reported that this program had at some point been moved from DARPA to the NSA, and magazine asked the question:
"Has the NSA been employing those TIA technologies in its surveillance within the United States? And what exactly is the agency doing, anyway?"
Well, now we know that the answer to the former question is a definitive "yes," and we have parts of the answer to the latter question.
DefenseTech and others have reported on the post-9/11 shift in culture at the NSA, where spying on Americans suddenly went from being the Agency's number one taboo to being an operational directive.
"It's drilled into you from minute one that you should not ever, ever, ever, under any ----ing circumstances turn this massive apparatus on an American citizen," one source says. "You do a lot of weird sh--. But at least you don't ---- with your own people."
As a student of religion (my day job) and an adherent of it, I can testify both personally and professionally that nobody crosses a major line like that just to dip their toe gingerly in the waters of perdition. I think it's a near certainty that the NSA did not content themselves with a few half-hearted attempts at monitoring American citizens, because they looked at the likely size of the blowback that even a few minor civil liberties incursions would bring on and decided that they may as well go the full monty. If you're gonna sin, you might as well sin big, and given the agency's formidable intelligence gather capabilities it's not at all a stretch to imagine that they're guilty of sins of Miltonian proportions.
The NSA has the tools and the will to compile a shockingly thorough profile of the communications and habits of every American citizen, not at some point in the future, but right now. Go back and read everything you can on Poindexter's TIA, and know that it is now a reality and has been for some time.
Update: DefenseTech has more on this story. DT's must-read post explains why the program is a massive waste, and points out that this story was actually broken to a substanial degree back in March, although it was lost in the shuffle. This older post gives my own arguments against what the NSA is doing.
[ Discuss ]
so where was all the outrage when this system first came to light in 1999 under Clinton's watch? when Steve Croft did the 60 minutes piece?
I'm suppose to answer your question?
only if you want to. we already know the answer...
In October 1994, Congress took action to protect public safety and ensure national security by enacting the Communications Assistance for Law Enforcement Act of 1994 (CALEA), Pub. L. No. 103-414, 108 Stat. 4279. The law further defines the existing statutory obligation of telecommunications carriers to assist law enforcement in executing electronic surveillance pursuant to court order or other lawful authorization.
The objective of CALEA implementation is to preserve law enforcement's ability to conduct lawfully-authorized electronic surveillance while preserving public safety, the public's right to privacy, and the telecommunications industry's competitiveness.
On the TIA Project:
Washington's lawmakers ostensibly killed the TIA project in Section 8131 of the Department of Defense Appropriations Act for fiscal 2004. But legislators wrote a classified annex to that document which preserved funding for TIA's component technologies, if they were transferred to other government agencies, say sources who have seen the document, according to reports first published in The National Journal. Congress did stipulate that those technologies should only be used for military or foreign intelligence purposes against non-U.S. citizens. Still, while those component projects' names were changed, their funding remained intact, sometimes under the same contracts.
FISA rules demand that old-fashioned "probable cause" be shown before the FISA court issues warrants for electronic surveillance of a specific individual. Probable cause would be inapplicable if NSA were engaged in the automated analysis and data mining of telephone and e-mail communications in order to target possible terrorism suspects.
More info:
Ars Technica should stick to arguing about whether Macs are better than PCs.
This article is laughably stupid.
Topsail has been outlawed by Congress. And before it was, it involved "electronic surveillence" of non-US citizens.
Electronic surveillence means monitoring the content of electronic communications.
The latest revelations (actually, the recycling of five month old news) has nothing to do with "electronic surveillence."
The author simply betrays his utter ignorance of the subject and his paranoid fantasies.
Have another toke, brother!
"USA Today notes that the telcos are only providing phone numbers and transactional data to the NSA, and not personally identifying information on the callers themselves."
The phrase "transactional data" does not appear once in the USA Today story.
And for good reason. It is not involved.
"Customers' names, street addresses and other personal information are not being handed over as part of NSA's domestic program, the sources said."
It would be pretty hard to compile "transactional data" without any of that.
Again, this "author" is an uninformed crank.
Thanks for the good comments...pinged you to another piece.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.