Keith Alexander’s Secret Lie: Retention and Distribution of Domestic Encrypted and Hacking Communications?

As I noted in my last two posts, Keith Alexander has admitted that the classified lie Mark Udall and Ron Wyden accused him of telling “could have more precisely described the requirements of collection under FISA Amendments Act.”

He then goes on to repeat the many claims about Section 702, which are different forms of saying that it may not collect information on someone knowingly in the US.

Which leads me to suspect that the lie Udall and Wyden described is that the program can retain and distribute domestic communications, which are defined as “communications in which the sender and all intended recipients are reasonably believed to be located in the United States at the time of acquisition.”

The minimization procedures actually describe four kinds of domestic communications that can be distributed with written NSA Director determination. Three of those — significant foreign intelligence information, evidence of a crime imminently being committed, and threat of serious harm to life or property — were generally known. But there is a fourth which I think is probably huge collection:

Section 5(3)

The communication is reasonably believed to contain technical data base information, as defined in Section 2(i), or information necessary to understand or assess a communications security vulnerability. Such communication may be provided to the FBI and/or disseminated to other elements of the United States Government. Such communications may be retained for a period sufficient to allow a thorough exploitation and to permit access to data that are, or are reasonably believed likely to become, relevant to a current or future foreign intelligence requirement. Sufficient duration may vary with the nature of the exploitation.

a. In the context of a cryptanalytic effort, maintenance of technical data bases requires retention of all communications that are enciphered or reasonably believed to contain secret meaning, and sufficient duration may consist of any time period during which encrypted material is subject to, or of use in, cryptanalysis.

b. In the case of communications that are not enciphered or otherwise thought to contain secret meaning, sufficient duration is five years unless the Signal Intelligence Director, NSA, determines in writing that retention for a longer period is required to respond to authorized foreign intelligence or counterintelligence requirements,

Technical data base information, according to the definitions, “means information retained for cryptanalytic, traffic analytic, or signal exploitation purposes.”

In other words, hacking.

Encrypted communications and evidence of hacking have secretly been included in a law purportedly about foreign intelligence collection. And they can keep that information as long as it takes, exempting it from normal minimization requirements.

To be clear, the government still has to get the communication believing (according to its 51% rule) that it has one foreign component. But if Keith Alexander says so, NSA can keep it, forever, even after it finds out it is a domestic communication.

Update: Here’s the July 2012 letter to Clapper. Here’s Clapper’s August 2012 response — the good bits of which are all classified.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

19 replies
  1. Cujo359 says:

    I wonder how they justified paragraph 5(3).a to Congress? Hard to believe that having huge mountains of encrypted data is going to aid in decrypting it. Yet that seems to be the justification.

  2. orionATL says:

    could we just specify now that this entire, massive electronic spying machine, authorized and built in secret, with secret hearings and a secret budget,

    is intended for the purpose of controlling social disruption in the u.s.?

    not primarily for terrorism,

    not primarily for “cyber”protection,

    not primarily for “cyber”warfare,

    but for the purpose of controlling us citizens if we get too noisy and restless.

    collecting all info from every citizen and storing it for “a long time” is NOT likely to be necessary or productive for protecting computer networks, i.e., for “cyberboo”.

    it will, however, be eminently useful for putting down public protests like “occupy” or “watts”,

    not to mention defeating political activity intended to defeat favored congresscritters, e.g., sen diane feinstein (D-mispyc) or senator mikulski (D-nsaic).

  3. C says:

    @Cujo359: Actually that is the one part of this whole steaming pile that makes some sense to me. To decrypt unknown data you want to have a lot of it so that you can then look for known patterns, frequent characters, common words, times, etc. The root of codebreaking is having educated guesses about what you are seeing and enough data to test them against.

    The problem of course is that you need clean data, data you can make some educated guesses about (e.g. encrypted Nazi weather reports) whereas they are claiming everything from coded chatlogs to encrypted porn. At a certain point that undermines the value of the guesses.

  4. Garrett says:


    I don’t buy it, I don’t think.

    For learning to decrypt common encryption methods, to get the large amounts of test data, just encrypt a lot of known texts yourself.

    There are subtleties about statistical distributions. But as if they don’t know the distributions in various plain text subsets.

    If it’s not a common encryption method, then they won’t have large amounts of data anyway.

  5. C says:

    @Garrett: No but if they think that they need to reverse-engineer some new type of encryption or figure out the key being used for a given group then the more data the better. As I said the utility lies in having data you can make educated guesses about so keeping all data from everyone limits that. But if the goal is to say figure out the secret constants used in a given encryption method or to reverse engineer a given protocol then it does make sense to have a lot. Having said that it doesn’t make it right for them to have it.

    The wisdom of civilian control of military agency lies in the fact that to a professional soldier war tends to make sense. Similarly for spies, spying on everyone makes sense. I read these demands for large amounts of data as the NSA, who is data-hungry by design, simply pushing for as much as they can get. I can see a rationale that they would make for getting and keeping all the data even after 5 years. I can even see how it might help them track some asshole who sends money to Al Shabab. But that doesn’t mean that it is right for them to do so or that it is really a useful expenditure of our money. That is, at least in theory why we have congressional oversight, or had.

    So I wasn’t saying that they should be allowed to have it, just saying why they might want it.

  6. C says:

    @Bill Michtom: Well I could see them arguing that some plots (e.g. 9/11) are long planned so they might find it. And even with their supercomputing power it might take 5 years to break an RSA e-mail. As per my earlier message I suspect this is a case of claiming as much as they can and being given it.

  7. Cujo359 says:

    @C: I’d have to say I’m skeptical, too. Modern encrypted data is gibberish. It’s not like the old ways of code breaking based on finding most frequent chars, or whatever. Plus, don’t forget, with public key systems, there are always going to be different pairs of keys for every pair of correspondents.

  8. C says:

    @Cujo359: Well yes and no. At least one of the more popular current systems (Elliptical I believe) depends upon some internal constants that, if known, render all the rest of the encryption useless even with the keys. I believe that the authors of most libraries recommend that you set personal constants but not everyone does. So there if you had mass amounts from a particular implementation you could work on those. For public yes that would be different as well but if you wanted say the key for one correspondent then if you had everyone else they ever communicated with you could begin to factor things out.

    As for the broader point I think it is best encapsulated with the comment, attributed to Hayden I believe, that to find a needle in a haystack they only need the haystack. I see these rules as a fig leaf of restrictions put in place to enable mass collection with plausible legality.

  9. greengiant says:

    Considering whether this is one of the magic loopholes used by the IC is like searching for how many laws Corzine broke at MF Global. One would hope for more than a civil prosecution. The executive will take responsibility with their only downside being impeachment or the next election. Investigations and prosecutions of underlings will be drawn out as distractions and Libby will be pardoned at the end.
    The IC’s reason for existence is to collect and use data and to fill in the daily briefing book.
    If constitutional concerns will not rein in the IC then budget concerns should.
    The dragnet would retain all data forever. Content, format, style, methods, senders/receivers and then some are all intelligence.
    People have already speculated that Snowden is a false flag operation against Wikileaks, or a stimulus response exercise to take names and numbers of anyone who is half awake and talking about it.
    The federal-city task forces deployed for the occupy movement were probably getting some intelligence from the IC.
    All activists are terrorists, all protesters are terrorists, all bloggers are terrorists, all whistleblowers are terrorists, all journalists are terrorists…

  10. orionATL says:


    your comments on encryption give rise to this thought:

    whatever the motives or use for this collection of communications between (to use that chilling phrase) “u.s. persons” in america,

    the basic fact seems to be that the nsa has collected not a sample from a universe, but the universe itself.

    what uses this data-set-to-beat-all-data-sets can be put to i can’t say; code breaking would certainly appear to be one.

    what other uses might one find for a collection universe of communications of a society of +350 million people?

  11. Jim White says:

    Just realized that the thinking is likely quite parallel in the decision to retain encrypted communications and the logic that choosing to remain silent is evidence of guilt.

  12. P J Evans says:

    With computers, it’s a lot easier to do one-time keys. Or keys that are very long and virtually-unbreakable. Which I’m sure the various agencies (especially NSA) are aware of, but a lot of average users aren’t.

    Like Bill said, after five years the usefulness is pretty small.

  13. greengiant says:

    @P J Evans: Do not be distracted by the ability or lack thereof to determine content today or later. There is a whole lot more information in communications than just mere content.
    Whether things like TOR are effective I have no idea. Snowden was putting those stickers on his laptop.

  14. C says:

    @orionATL: Yes basically they want the “whole haystack.” I think that the impulse is based upon the belief that they don’t know what will be relevant until later so it’s better to get all of it now. Certainly the history of Signals Intelligence bears this assumption out somewhat. The problem of course is that once collected it is collected, period. As you say there are plenty of uses (political blackmail just to name one) that mean we can’t just let them have the whole haystack and assume it is good.
