Slashdot Mirror

← Back to Stories (view on slashdot.org)

Can Commercial Storage Services Handle the NSA's Metadata?

Posted by samzenpus on from the ocean-of-data dept.

itwbennett writes "In a review of NSA surveillance last month, President Obama called for a new approach on telephony metadata that will 'establish a mechanism that preserves the capabilities we need without the government holding this bulk metadata.' Obama said that a third party holding all the data in a single, consolidated database would be essentially doing what is a government function, and may not increase public confidence that its privacy is being protected. Now, an RFI (request for information) has been posted to get information on U.S. industry's commercially available capabilities, so that the government can investigate alternative approaches."

41 of 67 comments (clear)

  1. And? by MightyMartian · · Score: 2

    And what if some commercial storage vendor can't or won't handle the NSA's metadata archiving requirements?

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
    1. Re:And? by phrostie · · Score: 1

      or keep it secure

      http://science.slashdot.org/st...

    2. Re:And? by similar_name · · Score: 4, Funny

      If you can't trust an NSA contractor, who can you trust?

    3. Re:And? by davester666 · · Score: 1

      We will just have to give the NSA even more money to develop the storage technology they need to spy on us.

      --
      Sleep your way to a whiter smile...date a dentist!
    4. Re:And? by davester666 · · Score: 1

      and so-called "metadata" is only the NSA's selling point. they are also capturing boatloads of actual content under the legal principle "we can and nobody can stop us".

      --
      Sleep your way to a whiter smile...date a dentist!
  2. Give it to a private contractor. In Hawaii. by dsmithhfx · · Score: 5, Funny

    It's the only was to be sure.

    1. Re:Give it to a private contractor. In Hawaii. by wiredlogic · · Score: 1

      It would be easier to just sub it out to China. It'll save them the bother of breaking into the servers.

      --
      I am becoming gerund, destroyer of verbs.
    2. Re:Give it to a private contractor. In Hawaii. by callmetheraven · · Score: 1

      "Nuking it from orbit" is the only way to be sure IIRC.

      --
      You can have my SIG when you pry it from my cold, dead hands.
  3. Not really a technology problem by cold+fjord · · Score: 3, Interesting

    This is less of a technology problem than a policy question. The technology exists to build secure databases and make it accessible to only one remote client. The real controversy is over collecting the data, and who holds it. Private companies don't want to do it. Many are against the NSA, and by extension the Federal government doing it. If only there was somewhere in the middle, between the Federal government and private industry...

    --
    much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
    1. Re:Not really a technology problem by erikkemperman · · Score: 2

      Well, one of the numerous problems with this whole situation is we can't rely on anything the govt, or the companies involved, have to say. Are these companies really against this, or do they just see the need to pretend to publicly? And even if they really are against it, would that change for sufficient compensation?

      Either way, privatization is not going to make the underlying problems (such as much of the program being unconstitutional) go away.

      --
      Gosh, thanks. That must be why the other ships call me Meatfucker -- GCU Grey Area (Eccentric)
    2. Re:Not really a technology problem by Anonymous Coward · · Score: 1

      This is less of a technology problem than a policy question. The technology exists to build secure databases and make it accessible to only one remote client. The real controversy is over collecting the data, and who holds it. Private companies don't want to do it. Many are against the NSA, and by extension the Federal government doing it. If only there was somewhere in the middle, between the Federal government and private industry...

      How about nobody collect and store this so-called metadata? Too radical an idea for you and your government-centric, corporatist-centric worldview? Tough.

    3. Re:Not really a technology problem by pnutjam · · Score: 1

      Yes, this "let's have someone else collect it" is a straw man argument designed to answer a question that wasn't asked.

      --
      Cheap storage VM.
  4. Yes by Alain+Williams · · Score: 4, Insightful

    Given enough money.

    Once the USA government asks for bids on this, you will get many companies wanting a share on this juicy contract. This is supposed to be with the intention of increasing security, but just wait a couple of years and stories will start to pop up as to how corners have been cut to turn a few extra dollars with the result that this data becomes available to all sorts.

    1. Re:Yes by Rich0 · · Score: 4, Insightful

      Well, I'm sure one of the usual defense contractors built all the stuff the NSA is using in the first place, so having one build and run it someplace else doesn't seem like a problem. It just doesn't really seem like a solution either. How does moving around the lines on the org chart fix this issue?

    2. Re:Yes by mjwalshe · · Score: 1

      yes the problem came from using contractors to do the NSA's job in the first place in stead of full time DV cleared staff

    3. Re:Yes by DarkOx · · Score: 1

      Usually I would agree with this assessment but in this case not so much. The administrations responses to the public concern have been half measures at best.

      I think the NSA does not really want to give up the data, and the Administration does not want to make but wants to be able to say they did something.

      Clearly the plan here is for the NSA to tinker with the 'requirements' until nobody can meet them and use this as an excuse to delay any real changes indefinitely; meanwhile Obummer gets to sit back and say its being worked on.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    4. Re:Yes by JimSadler · · Score: 1

      Yes! Mr. Manning and Mr.Snowden could probably work wonders as employees of a private, data storage facility.

  5. Why even consider it? by HeckRuler · · Score: 5, Insightful

    It's a bluff. A feint. A thinly veiled threat. It's not intended to actually come to pass. One of the things Obama proposed is to move the keys to the friggin kingdom from government controlled servers to nebulous "third parties". And in the very same damn speech he pointed out how this would be a ludicrously bad idea.

    (Well, I mean, he also suggested that the telcom companies who move this data keep it until the NSA asks for it. That or third parties. I don't mean to harp on a stray comment or anything.)

    But let me spell out the subtext here for anyone that can't read between the lines: If you try and keep the government from storing this data, we'll just go find someone else to hold it. And my, my, my, doesn't that sound just simply horrible? Be a REAL SHAME if someone were to try and enforce that 4th amendment 'round here.

    Also, fuck beta. I have no way to tell if someone responded to me other than looking at that specific thread.

    1. Re:Why even consider it? by Gr8Apes · · Score: 1

      But let me spell out the subtext here for anyone that can't read between the lines: If you try and keep the government from storing this data, we'll just go find someone else to hold it.

      Nice attempt at misdirection, but the gov holding the data is only worse than the gov having access to said data to begin with, which is the real issue. 4th, 9th, and 10th Amendments and all, ya know

      --
      The cesspool just got a check and balance.
    2. Re:Why even consider it? by JWW · · Score: 1

      Also, fuck beta. I have no way to tell if someone responded to me other than looking at that specific thread.

      I know. That is the worst feature of the beta by far. Lacking direct navigation to comment threads from users' comments pages is a egregious omission.

  6. Here is the solution America... by bayankaran · · Score: 1

    America should go for Mongo DB...its web scale. And in addition its "high performance" and supports sharding.

    --
    Tat Tvam Asi
  7. This entire system is so f-ed up by GodfatherofSoul · · Score: 4, Insightful

    OK, so they want to store everything passing across the lines that they deem suspicious, promise us that no one will look at it with a warrant, then if you're ever suspected of something they can go back and find all your communications over the past X years. And, since the feds don't want the blame for holding onto this information (and looking as Big Brother-ish as they are), they want private industry to pony up the disk space? I'd almost trust the NSA more to house this info since they'll only snoop in on my conversations when I post/say a flagged word/phrase. Wheraeas I KNOW private companies will as soon as they figure out how they can commoditize it.

    It's Orwellian enough seeing Google spam me with ads based on my email conversations.

    --
    I swear to God...I swear to God! That is NOT how you treat your human!
    1. Re:This entire system is so f-ed up by HeckRuler · · Score: 3, Interesting

      OK, so they want to store everything passing across the lines that they deem suspicious,

      No. Not really.
      They really do want to store everything passing across the lines. Period. The "deeming suspicious" part only comes into play once they get a warrant to go look at the data they've already collected and stored.

      The up-side to this idea is that the NSA isn't holding onto the data that they promise they're not looking at without a warrant. That's about it.

      The down-side to this is that we SURE AS SHIT can't trust a third party to not look in the box. This third party is also implicitly alerted to who the NSA is investigating and when. That information alone is itself sensitive and not the sort of thing to be trusted to a third party.

      Of course, you know, I guess I could extrapolate my answer and cut down your sentence even further:

      OK, so they want to store everything

    2. Re:This entire system is so f-ed up by ThatsNotPudding · · Score: 1

      OK, so they want to store everything

      aka PreCrime.

  8. It doesn't matter. by king+neckbeard · · Score: 2

    They probably can, given enough money, but 'the capabilities they need' are actually quite modest. The metadata program has no legitimate utility, so just write me a check for half a billion, and I'll build a machine that sits idle and is not connected to the internet, let alone accessible by the NSA. I've solved your problem with equal efficacy and far reduced cost.

    --
    This is my signature. There are many like it, but this one is mine.
  9. Wrong question. by fuzzyfuzzyfungus · · Score: 4, Insightful

    Can they? Sure. It's not as though the private sector can't store data, if provided with the right incentives. Heck, AT&T is providing the DEA with access to nearly three decades of call records, plus consulting expertise, right now!

    Trouble is, that was never the fucking point. Do people want the NSA collecting a giant database about them? No. Does it make the slightest difference if the giant database is nominally Verizon's giant database, that just so happens to respond to all queries from the NSA? Aside from the greater likelihood that the database will be used for marketing and surveillance, not a bit. The ostensible '3rd party' won't remain at arm's length for long. Why would they? An entire organization with a single customer, dedicated to shovelling data toward them on command? Instant capture. The only time the 3rd party will be 'independent' is if somebody asks the NSA what that 3rd party is up to, in which case they'll oh-so-innocently-have-no-idea-what-that-independent-entity-does. For all other purposes, they'll be joined at the hip.

    1. Re:Wrong question. by ShakaUVM · · Score: 1

      >Do people want the NSA collecting a giant database about them?

      No.

      > Does it make the slightest difference if the giant database is nominally Verizon's giant database, that just so happens to respond to all queries from the NSA?

      Yes. Because this, if nothing else, creates a paper trail and at least a properly worded query to the database, whereas currently (as Snowden demonstrated) anyone with a modicum of coding experience can download the whole thing and make off with it and no one's the wiser.

      >Aside from the greater likelihood that the database will be used for marketing and surveillance, not a bit

      You realize there is nothing stopping companies from using this for marketing right now, anyway, right?

  10. Dont keep it at all. by Anonymous Coward · · Score: 1

    The problem isn't where the collected data is stored. The problem is that it is being collected. There is no reason that the bulk metadata of every phone call made in the US is stored for years or indefinitely. There is no need for this RAW data to be shared with other countries. So where it is kept makes no difference. This data shouldnt be kept at all, and from every independent analysis of the program it has had NO impact on fighting terrorism. So it is a colossal breach of the constitution and a massive waste of money and resources.

  11. Well Certainly... by 3seas · · Score: 1

    ...well enough to be leaked.

  12. god, people are retards.. by strstr · · Score: 3, Funny

    The meta-data information provided by the President is a fucking cover story for hiding their spy games program. It's already been exposed that they are doing much more than saving meta-data; they're collecting word for word, every communication domestically and foreign, saving the content of our communications.

    Lets focus on the meta-data for a minute thing: according to Bill Binney, previous NSA director on technology that helped design the system, anybody can store meta-data and equipment that fits inside a 20 by 12 foot room. FOR ALL COMMUNICATIONS, WORLD WIDE. So of course Verizon, AT&T, and these others douches can store this information. In a room probably the size of 5 by 5, because they'll be storing it themselves ; and providers are already storing this information anyway, which has been available for law enforcement use for some time. The Bluffdale data center in Utah is big enough to store 100 years of content data though, .. which means they're using it to store actual profiles and content of people, not just meta-data. Details @ http://www.pbs.org/newshour/bb... "NSA Collects ‘Word for Word’ Every Domestic Communication, Says Former Analyst"

    On top of that, they have a massive satellite and radar system with a variety of capabilities, which is being used to target Americans during continuous black operations. Mind reading capability, tracking from space, watching our movements wherever we are. look at the details @ http://www.oregonstatehospital...

    1. Re:god, people are retards.. by strstr · · Score: 1

      Here's a few revelent articles: Phone companies already record and log all 'meta-data' and have for decades. Law enforcement have had full access to it through court-orders, warrants, etc. Generally, information is kept by phone companies for a period up to or a minimum of 3 years.

      http://gizmodo.com/5795861/how... ("How the police get your phone records" written, 2011)

      https://www.aclu.org/blog/tech... ("How Long Is Your Cell Phone Company Hanging On To Your Data?", 2011): this article covers cell phone only. Generally information is saved for 1 year minimum, but some carriers save it longer.

    2. Re:god, people are retards.. by bigfoottoo · · Score: 1

      I absolutely argree! Consider a few numbers. Assume 3 phone calls per person per day in U.S. Then, the number of calls is

      Number Calls = (330 X 10^6 People) X (3 Calls / Person / Day) = 1 X 10^9 Calls / Day

      Assume each call lasts for 1 minute.

      Seconds of Content = (1 X 10^9 Calls / Day) X (1 Minute / Call) X (60 Seconds / Minute) = 60 x 10^9 Seconds

      Call audio data can be handled with a 4 KHz cutoff. It takes two samples per Hz to capture this data. Assume 2 Bytes per sample (actually too high).

      Bytes per Day = (60 X 10^9 Seconds of Content) X (4 X 10^3 / Second) X (2 Samples) X (2 Bytes / Sample) = 9.6 X 10^14

      Or, about 10^15 Bytes per Day to store raw content. One PetaByte. For perspective, this is just 1000 1 TB hard drives. The Utah facility has a capacity of about 30 ExaBytes, or 30 X 10^18 Bytes. This means that Utah could save about 30,000 days of U.S. content.

  13. s/can/should by mmell · · Score: 1

    Fixed that for ya.

  14. No problem by whitroth · · Score: 1

    The world is globaliszed, don'tchaknow? I'll bet some Chinese firm would have *no* trouble offering to host the outsourcing of the data storage....

                        mark "on Chinese-made chips...."

  15. What's The Worst That Can Happen? by Jason+Levine · · Score: 1

    Sure. Let's not shut down the horrible program that a ton of people oppose and instead hand the data over to a company to manage and keep secure. What's the worst that can happen?

    Off the top of my head:

    1 - Hackings. No database is secure. If anyone was to store the data securely (putting aside for the moment the question of whether they should have the data in the first place), I'd trust the NSA to do it over some random company. At the very least, this reduces the potential attack vectors.

    2 - Profits. The company controls this data and realizes that they could make a ton of money off of it. Their federal contract might forbid it, but that's easily handled with a few lobbyists and sneaky riders on must-pass bills. Now, they can sell information to third parties legally. Maybe it's aggregate data/not personally identifiable (at least, at first to reduce any opposition) and maybe not. Either way, this information is now leaking out.

    The answer to all of this, of course, is the answer to the question "Why does the NSA need to store metadata on EVERYONE?" They don't. However, they have fallen victim to a combination of lust for power and a "information gathering" fallacy. (Collecting some information proves useful against terrorists therefore collecting ALL THE DATA will prevent all the attacks. Except that they've just increased their signal to noise ratio to the point that they can't spot the tiny number of terrorist signals within all of the random noise.) If they scaled the program back to only collect metadata on a very limited number of individuals (proven to a judge enough to issue a warrant and with checks and balances to prevent abuse), they would have a higher signal to noise ratio and might actually catch more terrorists than from a random sweep.

    --
    My sci-fi novel, Ghost Thief, is now available from Amazon.com.
  16. Seriously? You people are NUTS! by bobbied · · Score: 1

    I would assume that the methods used to collect this data are CLASSIFIED. Why else are they trying to get their hands on Snowden for leaking some of it?

    IF you have classified information to store, you DON'T put it on third party systems unless they are under the necessary controls required to handle classified data. So, putting this data on contracted storage is NOT going to involve calling Amazon AWS for an account and just copy it up and pay the bill. So in reality you'd just be contracting somebody to build and run a storage solution for you.

    Now *could* the government go out and *contract* with somebody to store their data someplace? Sure, it might even make sense to push it off to a number of contractors, but you NEVER, (and I mean NEVER) put classified data into public view (i.e. on systems you don't directly control), even encrypted, unless you have no choice. If you do, you are being STUPID. The more sensitive the information, the more this is true.

    Assuming you don't use a one-time pad cypher, encryption doesn't mean that the adversary cannot read it only that they will have to break your encryption to see it. Brute forcing a key is *always* possible, the question is really "How Long" will it be, on average, before they will be able to view it, because they will eventually be able to.

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  17. Metadata by DarthVain · · Score: 2

    Seriously, all your data is perfectly safe. I have worked with GIS for 14 years. and I can tell your conclusively that absolutely no one reads metadata. :)

  18. Sub the job out to private industry to ensure ... by deal99 · · Score: 1

    the entire Internet will have unfettered access to the data, without actually being able to access said data, thanks to the perpetual irreparable nature of the system's design. ... just visit http://404.nsa.gov

  19. RFP by cdd109 · · Score: 1

    I think the job should go to the same team that built healthcare.gov

  20. A third party holding the data... by Bartles · · Score: 1

    ...at the request of the State is working as an Agent of the State. As an Agent of the State, it is required to meet the exact same 4th Amendment requirements as the State itself. This whole argument is ridiculous. President Obama should be laughed out of office for seriously considering this proposal. Constitutional Law professor, indeed!

  21. Shouldn't have ... by PPH · · Score: 1

    ... gone and shut down Megaupload.

    --
    Have gnu, will travel.