The 3 Hop Scotch of Civil Liberties and Privacy

I was in court, so I didn’t see it, but apparently there was a little hearing over at House Judiciary Committee this morning on “Oversight of the Administration’s Use of FISA Authorities“. There was an august roll of Administration authorities and private experts: Mr. James Cole, United States Department of Justice; Mr. John C. Inglis, National Security Agency; Mr. Robert S. Litt, ODNI; Ms. Stephanie Douglas, FBI National Security Branch; Mr. Stewart Baker; Mr. Steven G. Bradbury; Mr. Jameel Jaffer; and Ms. Kate Martin.

Hmmm, let’s take a look and see if anything interesting occurred (as reported by Pete Yost of AP). Uh, well, there was THIS:

For the first time, NSA deputy director John C. Inglis disclosed Wednesday that the agency sometimes conducts what’s known as three-hop analysis. That means the government can look at the phone data of a suspect terrorist, plus the data of all of his contacts, then all of those people’s contacts, and finally, all of those people’s contacts.

If the average person calls 40 unique people, three-hop analysis could allow the government to mine the records of 2.5 million Americans when investigating one suspected terrorist.
….
The government says it stores everybody’s phone records for five years. Cole explained that because the phone companies don’t keep records that long, the NSA had to build its own database.

Go read all of Yost’s report, there is quite a bit in there that is stunning in the blithe attitude the Administration takes on this hoovering of data and personal information. Also clear: Congress has no real grasp or control of the government’s actions. The Article I brakes are out and the Article II car is accelerating and careening down the road.

Bmaz is a rather large saguaro cactus in the Southwestern Sonoran desert. A lover of the Constitution, law, family, sports, food and spirits. As you might imagine, a bit prickly occasionally. Bmaz has attended all three state universities in Arizona, with both undergraduate and graduate degrees from Arizona State University, and with significant post-graduate work (in physics and organic chemistry, go figure) at both the University of Colorado in Boulder and the University of Arizona. Married, with both a lovely child and a giant Sasquatch dog. Bmaz has been a participant on the internet since the early 2000’s, including active participation in the precursor to Emptywheel, The Next Hurrah. Formally joined the Emptywheel blog as an original contributing member at its founding in 2007. Bmaz grew up around politics, education, sports and, most significantly, cars; notably around Formula One racing and Concours de Elegance automobile restoration and showing. Currently lives in the Cactus Patch with his lovely wife and beast of a dog, and practices both criminal and civil trial law.
33 replies
  1. earlofhuntingdon says:

    Who believes the claim that the government will destroy phone records after five years?

    Who believes, instead, that that five year-period will miraculously be extended?

  2. peasantparty says:

    Look out for Butt dialing, Drunk Dialing, Handbag calls, and pillow rings!

    This stuff just gets more crazy by the day. Plus, it is ILLEGAL!

  3. lefty665 says:

    Ooh, ooh, tell them to go to 6 hops and they’ll all get to BO! I can’t wait, this is so exciting.

  4. eh says:

    It strikes me that some math can be done here: how many targets would it take to cover the whole nation? I’m not sure which side overlap might favor, but at 2.5 million people per target’s worth of three-hops, it would only take 120 targets to cover the 300 million US persons. I’m sure a lot of those people get reused in an equation like this, but then again, companies like Comcast routinely enjoy regional monopolies, so I’m also wondering whether “all Comcast customers” get to be part of this dragnet once a target pays their bill over the phone, or hey, orders service.

  5. Jessica says:

    Moon of Alabama linked to an Atlantic Wire piece on this topic; I found this part interesting:

    “Think of it this way. Let’s say the government suspects you are a terrorist and it has access to your Facebook account. If you’re an American citizen, it can’t do that currently (with certain exceptions)—but for the sake of argument. So all of your friends, that’s one hop. Your friends’ friends, whether you know them or not—two hops. Your friends’ friends’ friends, whoever they happen to be, are that third hop. That’s a massive group of people that the NSA apparently considers fair game.

    For a sense of scale, researchers at the University of Milan found in 2011 that everyone on the Internet was, on average, 4.74 steps away from anyone else. The NSA explores relationships up to three of those steps.”

    http://m.theatlanticwire.com/politics/2013/07/nsa-admits-it-analyzes-more-peoples-data-previously-revealed/67287/

    Of course, it’s always helpful to have things explained through Facebook analogies, and I’m only half-kidding on that. Most people I know can’t envision how this might affect them, but Facebook they get.

  6. lefty665 says:

    Since the calls count both ways, in as well as out, the unique number count over 5 years has got to be a lot higher than 40. Figure how many they generate chasing back fundraising calls from the DNC, DCCC, or robo calls from OFA. “Holy brother of Jesus we’ve hit the mother lode. This one’s got 10,000,000 contacts, and a lot of them hop back to BO.” Put 3 hops of that in your pipe and puff on it Alexander.

  7. What Constitution? says:

    Just think of how relieved the people who have been buying into “you have nothing to worry about if you’ve done nothing wrong” are now, huh?

  8. rg says:

    @lefty665: Yes indeed; I recently had occasion to call the phone company. Guess how many contacts they have. And I called my congressman’s office (oops).

  9. Chris Harries says:

    This puts the anti-terrorist programmes in proper perspective. It is very likely that the agent provocateurs and the elaborate sting operations, which seem to account for almost all of the “plots” nipped in the bud, both in the States and in Canada, begin with the identification of persons likely to be recruitable for terrorist activities.

    The agents then tasked with recruiting them are also armed with fairly precise information as to the best way to persuade these individuals that they should join up with government agents to carry out their allotted plots. Information regarding their financial situations would be invaluable (“we will pay you $1000 a week”) so would information regarding sexual proclivities, character weaknesses, fears and so on.

    My guess is that almost every one of the plots that the NSA claims credit for aborting it could equally well take credit for fathering.

    One wonders how helpful the NSA was in bringing down Scott Ritter. And putting an end to the irritation of his truth telling about arms inspection and warmongering.

  10. lefty665 says:

    @rg: The exclusion lists have got to get pretty cumbersome. But what if bad guys figure out how to spoof excluded numbers? It would be perfect cover. “Hi DiFi (aka Alexander) this is Sarah P (aka BO) Ixnay on the ooverhay.” The tribulations of tyranny. Sigh.

  11. peasantparty says:

    You think we might could catch some terrorists if we all called the different Goldman Sachs numbers on Friday?

    Man! That would be a hoot!

  12. lefty665 says:

    @P J Evans: Exactly, and I live in the country so we get them for the “Honey Wagon” too. How about all the election phone banking that goes on largely from volunteer personal cell phones these days? It’s the political equivalent of butt dialing, and one “hit” would have lots of legs.

  13. lefty665 says:

    @peasantparty: But that might get the rest of us on a list. You know Lloyd is hooked up with a bunch of scumbags with money and government contacts… Jamie, Rubin, Summers, Timmeh, drug cartels. Chances are some of them have made the watch lists already.

    Wonder how many spooks were 3 hops from Snowden’s call list? That’s gotta be most of the intelligence community, a lot of the contractors, and a lot of the numbers themselves classified. Think NSA let Booz Allen vet that 3 (or more) hops out?

  14. lefty665 says:

    @rg: It’s a nice metaphor, but not quite as crude as you may have imagined. It’s dialing your phone by leaning on it. Not usually physically using your butt, but it can happen. Fart activated calls are a special case of butt dialing. Be careful how you train your phone:) Current screen locks have reduced butt dials hugely. The political phone canvassing allusion was that those calls can be pretty broadly targeted.

  15. joanneleon says:

    I’m really glad that you guys are here, and can maintain that silly (and very clever) sense of humor about this craziness. What about butt dialing?!? Can you just hear this defense in a courtroom? Yeah, the whole thing is not funny. It’s dead serious. But the opportunity for quips and jokes from all of it is hilarious. I just hope we can fix it. Some members of Congress sounded pretty serious in that hearing, and not in the usual kabuki way. Why? Because it affects them! That’s the one thing that makes me think we might just be able to rein this in. Of course the exec branch and NSA can then just go underground, so there’s that. The best way to prevent that is to take down some honchos and prosecute, because it’s the right thing to do, and to make the next guy think twice.

  16. rg says:

    @lefty665: and joanneleon @ 24: Well,thank you for the cultural upgrade; sorry to put you through it. So the term could apply to any inadvertent dialing-the proverbial wrong number. Which gets us to the fact that the data envelope in Utah has to be big enough to house all those 40x40x40 or so “contacts” included in that accidentally-created network loop. Heaven help us. Yet as J @ 24 noted, the comedy of this is a way of coming to grips with what we face.

  17. thatvisionthing says:

    Am watching the hearing now. 3 hours! Wish there was a transcript, I want to search “Craig Murray” – did anyone ask about this?

    http://www.craigmurray.org.uk/archives/2013/07/all-law-is-gone-naked-power-remains/

    I have repeatedly posted, and have been saying in public speeches for ten years, that under the UK/US intelligence sharing agreements the NSA spies on UK citizens and GCHQ spies on US citizens and they swap the information. As they use a shared technological infrastructure, the division is simply a fiction to get round the law in each country restricting those agencies from spying on their own citizens.

    I have also frequently remarked how extraordinary it is that the media keep this “secret”, which they have all known for years.

  18. lefty665 says:

    @rg: Inadvertent and often unknowing, with predictable consequences like from butt dialing home when “working late”.

    Don’t underestimate, NSA’s Utah operation will hold all the calls, forever. They want to run down every variation of 40x40x40 matrix over years, and it seems unlikely that base number is as small as 40. That also includes every email, web search, IM, txt, all electronic financial records, blog postings (Hi Keith) and everything else they can get their hands on. Them boys and girls are ambitious, and very bright.

    And, our elected leaders wrapped themselves in the flag and muttered soothing platitudes interspersed with TERRAH as they sold us down the river and ripped up the Constitution. What else but gallows humor to keep from crying?

    Putin was funny a couple of weeks ago when describing talking to the US about Snowden. Roughly: “It’s like shearing a piglet. Lots of squealing but not much wool.” Who’d have thunk that we’d be reduced to getting our humor from the KGB? You’d expect more from a nation whose president’s initials stand for body odor and a majority leader surnamed for an erection.

  19. Bill Michtom says:

    @joanneleon: “The best way to prevent that is to take down some honchos and prosecute”

    And that will happen immediately after the bankers get prosecuted–the new version of “when hell freezes over.”

  20. rg says:

    @lefty665: I realized sometime last night that the data bank is for collection, whereas the 3-hop is about “queries”. Confused? Yes, but at least I know you don’t get wool from pigs.

  21. lefty665 says:

    Sounds like you’ve got it! And so does NSA, they wanted it all and they got it.

    I’d wager we haven’t heard all of it yet. They’ve known how to turn phones into bugs for at least 50 years, and personal computer security isn’t more than a minor inconvenience. Those are on the list, and who knows what else. They are good at what they do.

Comments are closed.