NSA Can't Search Its Own Email

cycoj writes "The NSA says that there is no central method to search its own email. When asked in a Freedom of Information Act request for emails with the National Geographic Channel over a specific time period, the agency, which has been collecting and analyzing the data of hundreds of millions of Internet users, says it can only perform person-per-person searches on its own email."

big surprise

[Sparticus789]

Perfect example of "do as I say, not as I do". But this isn't just a NSA problem, it is a government problem.

Re:big surprise

More likely a case of somebody lying to get around a FOIA request, for which there will be consequences. All government agencies have very strict regulations concerning record keeping and FOIA, with jail time possible for anyone who fails to abide by those regulations.

Re:big surprise

[rickb928]

Consequences. They're cute when they say that.

Re:big surprise

[Sancho]

FOIA does not require that you make it easy to comply with FOIA requests. Nothing in there says you have to have globally searchable e-mail or document storage, in fact. And the costs to fulfill the request are paid by the requestor, not the agency. By using an archaic, difficult to use system, they can legitimately make the costs of fulfilling FOIA requests prohibitively high. Thus they follow the letter of the law, though not the spirit.

Re:big surprise

[houghi]

I would call it a human problem. Many parents tell their kids not to smoke, while they do so themselves. Same will go for driving under influence. People telling their SO not to cheat on them, while they do so themselves.

I am sure you can find many more examples.

Re:big surprise

it is a government problem.

Government is a problem that has never been a solution to anything but other governments and the failures of society. In shrot, it is a self-propogating problem. It is merely a patch for the failures of society. The bigger the government the more screwed up society is and one condition mirrors the other. "That which governs the best governs the least." Therein true anarchy (anarchy being a purposely corrupted word as used today, much like "hacker" or "liberal" etc ) would be best, unfortunately the human race is not and may never be advanced enough to where they have no need or desire for governance, simply cause self-governance has become suffiicient for peaceful co-existance.

The US didn't form the USA just because they wanted a big government, they formed the USA to ward off Britain and other major governments from imposing their will and governance here one one city or state at a time. Thomas Paine's Common Sense was written and published, in part, to convince the colonists that it was necessary.

"SOME writers have so confounded society with government, as to leave little or no distinction between them; whereas they are not only different, but have different origins. Society is produced by our wants, and government by our wickedness; the former promotes our happiness POSITIVELY by uniting our affections, the latter NEGATIVELY by restraining our vices. The one encourages intercourse, the other creates distinctions. The first is a patron, the last a punisher.

Society in every state is a blessing, but Government, even in its best state, is but a necessary evil; in its worst state an intolerable one: for when we suffer, or are exposed to the same miseries BY A GOVERNMENT, which we might expect in a country WITHOUT GOVERNMENT, our calamity is heightened by reflecting that we furnish the means by which we suffer. Government, like dress, is the badge of lost innocence; the palaces of kings are built upon the ruins of the bowers of paradise. For were the impulses of conscience clear, uniform and irresistibly obeyed, man would need no other lawgiver; but that not being the case, he finds it necessary to surrender up a part of his property to furnish means for the protection of the rest; and this he is induced to do by the same prudence which in every other case advises him, out of two evils to choose the least. Wherefore, security being the true design and end of government, it unanswerably follows that whatever form thereof appears most likely to ensure it to us, with the least expense and greatest benefit, is preferable to all others."--Some Common Sense

NSA *Won't* Search Its Own Email

[TWiTfan]

FTFY

Re:NSA *Won't* Search Its Own Email

[interkin3tic]

It's pretty shocking that after having been caught lying to congress about the program, they're STILL LYING ABOUT IT. They must not think much of us. I guess they've been reading all our e-mails, they probably know us pretty well and are right to think that we'll let it slide.

Re:NSA *Won't* Search Its Own Email

[TWiTfan]

Why wouldn't they continue to lie? Congress, the President, and the American public have made it abundantly clear that there will be no consequences for lying. So, why not?

umm

[easyTree]

var irony = UInt64.MaxInt;

Re:umm

[easyTree]

Arguably. Let me just run a quick hadoop query over every email with a north american correspondent to get a feel for the consensus.

Right...

[sjbe]

The NSA says that there is no central method to search its own email.

[cough] Bullshit [/cough]

Re:Right...

[TWX]

Yeah... Perhaps a congresscritter should ask during a joint committee meeting, and if this answer is provided, the individual should be held for being In Contempt of Congress...

Re:Right...

[NatasRevol]

I think you forget that they're on the same side. That ain't gonna happen.

Re:Right...

[dkleinsc]

Yup: They won't use Contempt of Congress to deal with this, which is why I have Contempt for Congress.

Re:Right...

[runeghost]

The Director of the NSA has openly admitted he lied to Congress, and his punishment is... nothing. Not even harsh language, much less prosecution or losing his job.

Don't worry.

[auric_dude]

I'm sure GCHQ https://www.gchq.gov.uk/Pages/homepage.aspx will search your mail and that CESG https://www.gchq.gov.uk/AboutUs/Pages/CESG.aspx will advise you on how to fix your problem.

what is good for the goose is good for the gander

Maybe they should run all their internal email through their PRISM system, that way it can be searched for keywords and META data much easier. Problem solved.

Suuuuure

That's such a line of shit.

It's not that they cannot search their emails. It's that they have chosen to not create a search mechanism, because they have found this excuse is accepted by the courts to deny information requests. They will use every trick available to them to avoid adhering to laws they don't like.

Do you really believe anything they say?

Re:sounds like they're running exchange

[jongalbreath]

As an Exchange administrator, I can say that searching across an entire mail database is absolutely possible, and also very simple to do from the Management Shell. They're either lying, or just don't want to do it.

And we accept this excuse?

[gman003]

If I were in charge, and the agency responsible for technological espionage and information security told me they couldn't search through their own emails, I would fire them. Every single one of them. Bam. Agency dissolved, someone go think of a new TLA for the new agency. This is like a Navy that can't figure out how to dock a battleship, or a tax agency that doesn't know what all the valid exemptions are. Complete and utter incompetence.

What's saddest is that this almost certainly isn't true. They've got these capabilities. They're just trying to hide something ("everything" qualifies as something, for their purposes). *Maybe* they're telling the truth, if they've got some custom, highly-encrypted system where emails can only be decrypted by the users. But that doesn't seem like the phrasing used here.

What's saddest is that "we're completely fucking incompetent" is not just the excuse they went with, but that it actually works.

Re:And we accept this excuse?

[1s44c]

If I were in charge, and the agency responsible for technological espionage and information security told me they couldn't search through their own emails, I would fire them. Every single one of them. Bam. Agency dissolved, someone go think of a new TLA for the new agency.

Not an option. The NSA has a portfolio of affairs, abuses of power, criminal behavior, tax fraud, drug abuse, etc. on every member of the government. Nobody will oppose those who could end their career in a few keystrokes. ...Or maybe I'm just paranoid.

Epic Fail

[jebus187]

What a bunch of lying douches.

Re:sounds like they're running exchange

[g0bshiTe]

I concur it's very simple to search across and pull user or timeframe emails. If they are like any other branches of the gov why are they not required to maintain backup copies of email? Wasn't there a big thing during the Clinton administration that resulted in Washington keeping emails on record after that?

Even if their server can't do it what about their backup repository.

Re:sounds like they're running exchange

[1s44c]

As an Exchange administrator, I can say that searching across an entire mail database is absolutely possible, and also very simple to do from the Management Shell. They're either lying, or just don't want to do it.

Of course it's possible with Exchange or with anything else for that matter. There is an exception to FOI requests where getting the information is expensive. What they mean is they can't do it within whatever small budget they allocate to serving FIO requests.

Re:Get Snowden to do it

[1s44c]

Snowden didn't seem to have a problem finding information. Maybe they just need a contractor to come in and do it for them...

It is highly unlikely that Snowden knows everything the NSA is involved in. The stuff he released might be inflamatory but there will be plenty more he never knew about.

Same ol' NSA protocol

[GameboyRMH]

Lie, lie, lie, until you get caught, 'cause there's nothing to lose and everything to gain.

Exchange

[daninaustin]

There are lots of products that do this for exchange. I would bet that it's a security issue or they just don't want the feature.

Re:Exchange

[datavirtue]

Avoided the feature because of FOIA requests. There are a lot of loopholes for gov organizations to avoid sunshine requests if they really want to--part of it is making the information difficult to reach (can't get the info==do not have to comply). Also, FOIA compliance hinges on each institution's policy in regard to the information. They can set a two day retention policy so that if you request it four days from now they will delete it and reply that the information is not available. Government institutions are hostile to information requests--believe it or not. Power and control is paramount in these environments and arbitrary information requests from outsiders flies in the face of this disposition. [first-hand knowledge]

Re:"Can't" vs. "Don't Want To"

[djmurdoch]

Suppose that instead of "National Geographic", someone at the NSA wanted to search every email that was sent to Snowden's Gmail account from within the NSA.

Do you think they would be able to do that? Not being able to do that sounds like a security problem.

Sounds like the Onion..

[sylivin]

.. but ends up as truth.

Seriously though, the NSA is directly involved in lying to Congress. Do you think they would have any system that would allow easy discoverability of their misdeeds? I am sure their processes are in place to make any type of lawsuit or congressional oversight as difficult as possible.

Of course, any results this poor fellow would have received anyway would be just pages and pages of blacked out text with the headers and footers as they only "public" information.

Re:Clearly they need a bigger budget

[ArcadeX]

The bureaucracy is expanding to meet the needs of the expanding bureaucracy.

NSA

NSA doesn't fund their operations primarily with drug running anymore. Insider trading is the best source of funding. And they have all the information they need to do this.

Re:"Can't" vs. "Don't Want To"

[datavirtue]

The only thing they have to hide is how little they actually do at work.

You've obviously have never worked in government. There is no need to hide how little you actually do--furthermore, working hard or working extra will ultimately get you in trouble (we call it "getting your hand slapped").

Re:"Can't" vs. "Don't Want To"

[datavirtue]

Seems then that a simple script run against a dump of the account names would work.

I can see one way

[Chelloveck]

I can see one way in which this might be both true and proper. If each account was individually encrypted with keys that only the users had, what they're saying would be completely true. And I think it would be completely proper and even laudatory to run an email system that way. They could search individual accounts by having the users decrypt them, but they couldn't do a wholesale search of the entire email system. This is the way email should be!

A somewhat more likely approach would be that by policy, users are not allowed to keep email on the server. All email must be downloaded or deleted. No online folders, ridiculously small INBOX quotas, maybe a read-once policy where as soon as the mail is retrieved the server auto-deletes it. I can actually understand this being done; I've worked with corporate lawyers who would love to have the email system set up this way for the express purpose of defeating global searches. Anything can be twisted and used against you, so save nothing, leave no evidence. I certainly don't agree with that mindset, but I've worked with people who are like that.

Not that I think it actually is done either of those ways. I think it's far more likely that they're simply lying and refusing to comply. It's probably simply policy to refuse such blanket FOIA requests, and there's undoubtedly a clause buried in the FOIA itself that allows them to require that requests be specific and narrow. You know, in the way that searches of private individuals are supposed to be.

Re:sounds like they're running exchange

[pipatron]

It could be that certain agencies are exempt from the law. For your own safety of course. It's better that you don't know.

Do they license their email system?

[Dareth]

Do they license their email system? It may the only one in the world secure FROM them.