Slashdot Mirror
NSA Chose Invasive Phone Analysis Option
Encrypted Anonymous Coward writes "The Baltimore Sun reveals the existence of an interesting experimental NSA program codenamed ThinThread from the late 90`s. The program involved link analysis of traffic data, with a twist; The phone numbers from the U.S. would only be analyzed in an encrypted form. This way the analysis would potentially be possible under existing privacy laws, according to the people behind the program. The NSA could gather further unencrypted details if there was evidence of a threat. Political infighting seems to have dropped an interesting and respectful program from the books."
Well, if that is legal, I recommend you to change your laws...
Anonimity isn't really privacy. When I say "I love you" or "I'm going to kill you" I want to know it's ME saying THAT to THAT PERSON who is meant to receive it, and to no one else. I don't wanna be an anonymous coward sending my thoughts over to the NSA and get busted because they can look up my IP if I've been a bad boy...
My 0.02 cents
...and of course the NSA has an excellent track record of unbreakable encryption (in case these records get in the wrong hands).
Let's hope they didn't talk on the phone...
GetOuttaMySpace - The Anti-Social Network
NSA: "Stand very still, we're going to beat you with this baseball bat."
U.S. Citizen: "Don't I have rights? You can't just beat me with that bat!"
NSA: "Don't worry, we've encrypted it."
I do not respond to cowards. Especially anonymous ones.
Yep, kind of what I was thinking. I imagine a sufficiently experienced/intelligent/devious operator would only have to perform one or two further sub-queries on that hashed information in order to find personally identifying information ... and from there get the info that was encrypted via public sources, if necessary. How do you protect against this kind of (mis)use?
The jolly, candy-like button...
Slashdot Burying Stories About Slashdot Media Owned
Exactly! Perhaps they could come up with a descriptive name that alludes to the level of utility and usability of the program. In which case, they'd end up calling it...The Gimp!
*ducks*
This guy's the limit!
Part of the proposed program would make it illegal to do so without a court order. And therefore, any evidence gained from a surreptitiously decrypted number would be inadmissible in court (and very embarrassing for the NSA).
See, technically the only thing that stops the police from tapping every phone (other than respect for the community) is that it's illegal to do so and any evidence gathered is wholly worthless.
-=-=-=-=-=
I'd rather be flamed than ignored.
Yeah, and I "encrypt" all the mp3s I download for free off the internet. I never listen, I just analyze.
Don't mod me, bro'!!!!
Obviously turning the "encrypted number" back into a real one would never slip from "a threat was found" to "we wanted to know who it was".
You're crapping on an effective means of controlling who gets access to data because there's a possibility it might not be used properly in some instances. If it's not used properly, then we have the situation we already are in. At the very least, we can file this under "better and under no circumstances worse."
Whether or not we can label it "good" is beyond the scope of me.
"* Analyzed the data to identify relationships between callers and chronicle their contacts. Only when evidence of a potential threat had been developed would analysts be able to request decryption of the records.
Says who? The NSA?
Who defines what a potential threat is? A judge of the court, or some bureaucrats in the NSA?
Why would we trust an agaency known to play games with the law to have access to this data? A layer of separation (the encryption) doesn't change the fact that the data is still there for misuse. Just because it's harder to tie to an individual doesn't mean it can be misused.
All the encryption does is make it harder for a rogue/spy to get access to actual phone numbers. Systemic abuse or misuse of the data is not prevented at all. And frankly, systemic abuse/misuse frightens me much more than one person being able to misuse the data.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
Obviously the encrypted info could be decrypted or traced back to the source for further investigation. So this can't possibly bypass privacy laws. After all, it's the NSA. Isn't it part of their job to decrypt information? I'm glad it died.
Developers: We can use your help.
Actually led to this pilot being shelved, and there being less evil law-evading call monitoring by the NSA. I'm amazed that something this insidious was actually abandoned in the wake of 'rising terror threats'.
We are at a crossroads, and we need to take a step back from the emotion of September eleventh (nearly 5 years later) and really look at what we want to see in the future.
I won't stand on a soapbox here and force my opinion on others but I think it is time for a very serious debate over what is acceptable to give up in the name of security, what secrets we will let our government keep from us and what checks and balances need to be in place.
I think we are in trouble of letting "terrorism" be the ultimate excuse for any unpopular move by the government and it sadens me to see that the events of 2001 have changed us so much.
P.S.
The latest Justifications I have heard for the NSA wire taping are indicative of the problem... saying "we havent had a terrorist atack because of this program" is like saying "the wolly mammoth repelant is working" unless you can show proof that attacks have been thwarted .
I don't give a damn for a man that can only spell a word one way.
Mark Twain
From all this invasion of privacy and analysis of our records, have we caught anyone? Stopped any attacks? Where's Osama?
It would just be nice to know for ONCE the consequences of the actions other than reading about how ordinary people can be spied upon by their Government.
He who knows best knows how little he knows. - Thomas Jefferson
Slashdot readers typically don't know much past what is being screamed about in the mainstream media.
Doesn't anyone here even remember ECHELON? Stop drinking the Kool Aid.
-=-=-=-=-=
I'd rather be flamed than ignored.
I highly doubt it. This layer of defense against privacy intrusion is less than paper-thin. If the NSA gets to decide what the NSA may or may not find "suspicious", then what's the point? Checks and Balances, kids, Checks and Balances. That's the only thing that can hope to be interesting and respectful. Get juidical approval or leave me TF alone. (I'm not American, but the point remains the same)
The grass is always greener on the other side of the light cone.
Political infighting seems to have dropped an interesting and respectful program from the books.
Big freaking deal if the numbers are 'encrypted' or not. The problem is not that the NSA knows people's phone numbers - that's why we have phonebooks. The problem is that they have this huge database that lets anyone with access draw all kinds of inferences about people's relationships with each other. The right to freely associate is not free at all if it means that you end up on some big list in a government computer (or anyone else's computer for that matter).
Having your phone number encrypted when it is in the database doesn't help a bit because the encrypted number is just another unique identifier. Its the equivalent of saying that they used social security numbers in place of the phone numbers.
When information is power, privacy is freedom.
I don't see how this gets around the fact that, like the CIA, the NSA is NOT supposed to be gathering intelligence within the borders of the United States (see the executive order that created the NSA)- that is the FBI's responsibility. President Bush used an executive order to allow for the NSA to investigate within the USA after 9/11.
...the NSA's United States Signals Intelligence Directive 18 (USSID 18) strictly prohibits the interception or collection of information about "...US persons, entities, corporations or organizations..." without explicit written legal permission from the Attorney General of the United States"
I believe that any monitoring that originates and terminates in the United States prior to Bush's executive order is illegal (it's also illegal after Bush's order, IMO) unless Clinton also gave an executive order to permit it.
From wikipedia:
Technical details of such a system are documented in "Vegas 911" in April's issue of the IEEE Spectrum.
The article document's Jeffery Jonas' development of an anonymized system for the NSA based on his security work in Las Vegas. The work is now being done by IBM. The example in the article demonstrates how anonymized cruise passenger data could be compared with an anonymized watch list by a trusted third party. If the trusted third party finds correlations in the data, the government agency can get a warrant for the specific passenger data from the cruise line.
http://spectrum.ieee.org/apr06/3171 (registration required)
because the jokes they tell just don't have a funny punchline anymore. Take this quite from the FA:
. mov (about 2.5 megs)
ThinThread was designed to address two key challenges: The NSA had more information than it could digest, and, increasingly, its targets were in contact with people in the United States whose calls the agency was prohibited from monitoring.
a) they are spying on so many people that they can't even process the data. I've been under that assumption for quite some time, and now its clear. Hey, its a win for us.
b) they are spying on people they can, but the important stuff is "off limits"
Huh?
I'm beginning to think that these people are just like peeping toms or people rubernecking at an accident on the side of the road. They clearly don't even seem to know what the fuck they are doing, it just looks cool, they know they shouldn't do it, but they simply can't help themselves. What a bunch of children.
Now, although the article has not much more info, the article seems to imply that the NSA is going about their surveillance of innocent people, but to get around that pesky 4th amendment*, they are anomalizing (correct word?) the data via some encryption thingy, and if the random stuff looks interesting enough, I guess they have to get a warrant (or not??) to decrypt the data into something real.
Now, at first that sounded OK, but then I thought about it. Isn't the data already anonymous and anomalized (??) by default? I mean, even if they have my name, say George Bush, and phone number, and the name and phone number of the guy I called, say Aleister Crowley. Unless the NSA already knows both of these people, that data is still anonymous. It would take a little more investigation to determine if it was George W. Bush, George H. W. Bush, or just a namesake or the real deal themselves.
So, in other words, get a fucking warrant, and stop wasting my tax money randomly looking at "chatter" of innocent people. The process goes like this. 1) Find out something is wrong 2) Get an idea of who is doing the wrong and develop "probable cause" 3) Get a warrant, and go after the bad guys.
Otherwise, sit on your asses and drink coffee or eat a donut. Don't waste my tax money and be a peeping tom.
Back to that pesky 4th amendment. If you haven't seen it yet, check out the new dipshit that is the new head of the NSA:
http://movies.crooksandliars.com/Countdown-nsa-Ha
In this person's world, by definition, the public should never be able to point to an intelligence accomplishment. Our best response to the existence of stuff like these NSA capers is to keep our heads down. So said my brother-in-law, who had previously explained to me his rationale by which Nixon was the best President we've ever had.
One can see the obvious stepping off point to "the real traitors are the ones who *reveal* our secret, extra-constitutional prison system."
Confronted with evidence of past incompetence on the part of the CIA -- I mentioned the massive expense of the Glomar Explorer misadventure, which got us basically nothing new (old details about an aging vintage Soviet sub) for the staggering money involved -- John simply suggested that there must've been a lot more to the story, and that it obviously succeeded because we didn't know about the successful parts. (Whereupon he spun straw into gold and disappeared like Colonel Flag on M*A*S*H -- "like the wind" -- from our family. I believe he's living as an expat in China now.)
"Fundamentalism" isn't about divine morality. It's about human authority.
Lots of people seem to be worried that the encrypted information would have been decrypted and then misused. C'mon people, haven't any of you dealt with a federal government agency? Do you have any idea what kind of mounds of paperwork an analyst would have probably had to have gone through to decrypt anything? Probably so much paperwork that they'd rather just dismiss the most blatant evidence just so they wouldn't have to work on the bureaucratic shuffle.
Universal Declaration of Human Rights
http://www.un.org/Overview/rights.html
Adopted and proclaimed by General Assembly resolution 217 A (III) of 10 December 1948
Article 12.
No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
Article 30.
Nothing in this Declaration may be interpreted as implying for any State, group or person any right to engage in any activity or to perform any act aimed at the destruction of any of the rights and freedoms set forth herein.
Member -- (Date of Admission)
United States of America -- (24 Oct. 1945)
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
You have two "known" "nutjobs". If you want to know who they're talking to and what they're saying, then get a warrant.
That way, when they both implicate "B", you can immediately get a warrant to find out who "B" is talking to.
Also, you might find out that "C" is a "nutjob", too. Then you can get a warrant for his phone.
All very easy and all very legal under existing laws.
The Bill of Rights is not a suicide pact.
On the contrary, the founding documents of this nation were very much a suicide pact.
The Declaration of Independence said it quite explicitly:
And for the Support of this Declaration, with a firm Reliance on the Protection of Divine Providence, we mutually pledge to each other our Lives, our Fortunes, and our sacred Honour.
Or, to put it more succinctly, "Give me Liberty or Give me Death".
Life without liberty is not life worth living, and the founding fathers knew quite well that they would either succeeed or be killed as traitors.
And of course the irony is that the only way we would commit "suicide" (ie, kill OURSELVES, as opposed to being destroyed by external forces) is to destroy the Constitution and Bill of Rights, exactly as we're doing so well right now. No terrorist bomb can accomplish that task, we're doing it all on our own.
Recursive: Adj. See Recursive.
Do you only have the rights that are explicitly defined in your constitution?
However, people demand security. Often security and privacy conflict with one another and we as a society need to decide where that line needs to be drawn. If we don't want the government to look over our shoulders, then we can't bitch when they didn't see something coming.I think that Bruce Schneier's recent article in Wired is one of the most reasoned and insightful responses to your line of argumentation.
As he states, it is not a debate over security versus privacy - it is liberty versus tyranny.
*** Where are we going? And what's with this handbasket?
"Playing right into their hands" assumes the terrorist goal was to errode our freedoms away. I know that's popular opinion because of propaganda thrown around shortly after 9/11. Isn't their primary goal for the West to stop meddeling in the affairs of the Middle East and surrounding region?
:wq
As long as you wear a paper bag over your head, the Feds should be able to explore your body cavities!
Be heard || Be herd
and overheard your private state-to-state calls when they were put on speaker.
if it bounced off a satellite or went thru a transoceanic cable (hi, Hawaii!), we intercepted it.
I'm just saying that invasive phone searches, legal or otherwise, were happening back in the 80s.
That said, my gut feel, based on when I had clearance (note I don't give specifics), is that the rabbit hole goes way deeper since the current Admin came into power.
Dig deeper my friend - you took the blue pill and the red pill is the right one.
-- Tigger warning: This post may contain tiggers! --
You're correct in that the CIA, NSA, and other arms of the Intelligence Community are tasked to target foreign entities, but they are not as geographically limited as you might imagine.
The CIA, for example, operates within the U.S. performing some functions like those it has overseas. It attempts to recruit foreign assets who will work with them upon return to their home countries, interviews Americans that travel overseas to countries of interest on a strictly voluntary basis, and supports and cooperates in counter-intelligence operations with the FBI. It is also involved in tracking and collecting intelligence on foreigners visiting the U.S. The matter is not geography so much as nationality. For the CIA to target a U.S. citizen requires authorization, a strong reason to do so, and generally is done as a result of that citizen's affiliation with a foreign power and frequently as part of a CI operation. Obviously, the CIA does not have the authority to carry out arrests or other traditional law enforcement tasks.
The NSA is similar. It was actually created in 1952, although it receives much of its marching orders from EO 12333, which generally directs the IC (or at least it did so before the restructuring of 2003). It openly targets foreign missions and embassies operating within the U.S. and it only makes sense to involve it in foreign threats to the U.S., such as terrorists and intelligence agencies (everyone from the Chinese to the French...). The question in the original "wiretapping" scandal was phone calls from FOREIGN entities to the U.S. - if it's from a foreigner, it's free game provided with proper authorization which came in the last case. It must be noted that FISA was written to deal with CI matters, not international terrorism, which is a fundamentally different threat.
and too much 'politically correct' saying.
..
It should not be 'NSA Chose Invasive Phone Analysis Option'
Its correct saying is 'NSA have violated your privacy'
Read radical news here
Encrypted? By whom? Not by me, that's for sure. Who controls the decryption? Again not somebody who answers to me. Encryption is not a magic incantation that protects secrecy. Encrypting some data produces some other data, which in itself is useless--you have to reverse the process to get the original data back. Encryption happens to be a special sort of process can only be reversed under certain conditions (when the correct keys are present). You don't need a technical understanding of the latest encryption technology to understand this. It's common freaking sense. Somebody has spied on you. They promise to keep the results of their spying a secret. Therefore, your rights have not been violated. Seriously--does anybody buy this? Are we that stupid? Oh, yeah--this message has been encrypted, so it's safe. See? Rapelcgrq? Ol jubz? Abg ol zr, gung\'f sbe fher. Jub pbagebyf gur qrpelcgvba? Ntnva abg fbzrobql jub nafjref gb zr. Rapelcgvba vf abg n zntvp vapnagngvba gung cebgrpgf frperpl. Rapelcgvat fbzr qngn cebqhprf fbzr bgure qngn, juvpu va vgfrys vf hfryrff--lbh unir gb erirefr gur cebprff gb trg gur bevtvany qngn onpx. Rapelcgvba unccraf gb or n fcrpvny fbeg bs cebprff pna bayl or erirefrq haqre pregnva pbaqvgvbaf (jura gur pbeerpg xrlf ner cerfrag). Lbh qba\'g arrq n grpuavpny haqrefgnaqvat bs gur yngrfg rapelcgvba grpuabybtl gb haqrefgnaq guvf. Vg\'f pbzzba sernxvat frafr. Fbzrobql unf fcvrq ba lbh. Gurl cebzvfr gb xrrc gur erfhygf bs gurve fclvat n frperg. Gurersber, lbhe evtugf unir abg orra ivbyngrq. Frevbhfyl--qbrf nalobql ohl guvf? Ner jr gung fghcvq? Bu, lrnu--guvf zrffntr unf orra rapelcgrq, fb vg\'f fnsr. Frr?
"Reality is that which, when you stop believing in it, it doesn't go away." - Philip K. Dick
It should have been encrypted. Then it would have been safe. If only if only they would have encrypted it.
Encrypted?
By whom? Not by me, that's for sure.
Who controls the decryption? Again not somebody who answers to me.
Encryption is not a magic incantation that protects secrecy.
Encrypting some data produces some other data, which in itself is useless--you have to reverse the process to get the original data back.
Encryption happens to be a special sort of process can only be reversed under certain conditions (when the correct keys are present).
You don't need a technical understanding of the latest encryption technology to understand this. It's common freaking sense.
Somebody has spied on you. They promise to keep the results of their spying a secret. Therefore, your rights have not been violated.
Seriously--does anybody buy this? Are we that stupid?
Oh, yeah--this message has been encrypted, so it's safe. See?
Rapelcgrq?
Ol jubz? Abg ol zr, gung\'f sbe fher.
Jub pbagebyf gur qrpelcgvba? Ntnva abg fbzrobql jub nafjref gb zr.
Rapelcgvba vf abg n zntvp vapnagngvba gung cebgrpgf frperpl.
Rapelcgvat fbzr qngn cebqhprf fbzr bgure qngn, juvpu va vgfrys vf hfryrff--lbh unir gb erirefr gur cebprff gb trg gur bevtvany qngn onpx.
Rapelcgvba unccraf gb or n fcrpvny fbeg bs cebprff pna bayl or erirefrq haqre pregnva pbaqvgvbaf (jura gur pbeerpg xrlf ner cerfrag).
Lbh qba\'g arrq n grpuavpny haqrefgnaqvat bs gur yngrfg rapelcgvba grpuabybtl gb haqrefgnaq guvf. Vg\'f pbzzba sernxvat frafr.
Fbzrobql unf fcvrq ba lbh. Gurl cebzvfr gb xrrc gur erfhygf bs gurve fclvat n frperg. Gurersber, lbhe evtugf unir abg orra ivbyngrq.
Frevbhfyl--qbrf nalobql ohl guvf? Ner jr gung fghcvq?
Bu, lrnu--guvf zrffntr unf orra rapelcgrq, fb vg\'f fnsr. Frr?
"Reality is that which, when you stop believing in it, it doesn't go away." - Philip K. Dick