How NSA Bypassed the Fourth Amendment for 3 Years

On October 3, 2011, the FISA Court deemed some of the NSA’s collections to violate the Fourth Amendment. Since Ron Wyden first declassified vague outlines of that ruling a year ago, we’ve been trying to sort through precisely what practice that decision curtailed.

A new WSJ story expands on previous descriptions of the practice.

The systems operate like this: The NSA asks telecom companies to send it various streams of Internet traffic it believes most likely to contain foreign intelligence. This is the first cut of the data.

These requests don’t ask for all Internet traffic. Rather, they focus on certain areas of interest, according to a person familiar with the legal process. “It’s still a large amount of data, but not everything in the world,” this person says.

The second cut is done by NSA. It briefly copies the traffic and decides which communications to keep based on what it calls “strong selectors”—say, an email address, or a large block of computer addresses that correspond to an organization it is interested in. In making these decisions, the NSA can look at content of communications as well as information about who is sending the data.

But it reveals the illegal program continued for 3 years, during which the telecoms and NSA simply policed (or did not police) themselves.

For example, a recent Snowden document showed that the surveillance court ruled that the NSA had set up an unconstitutional collection effort. Officials say it was an unintentional mistake made in 2008 when it set filters on programs like these that monitor Internet traffic; NSA uncovered the inappropriate filtering in 2011 and reported it.

[snip]

Paul Kouroupas, a former executive at Global Crossing Ltd. and other telecom companies responsible for security and government affairs, says the checks and balances in the NSA programs depend on telecommunications companies and the government policing the system themselves. “There’s technically and physically nothing preventing a much broader surveillance,” he says.

The entire WSJ article (and an accompanying explainer) is actually quite polite to the NSA, suggesting that minimization protects Americans better than the plain letter of the procedures does, remaining silent about NSA’s refusal to count how many Americans get sucked up in this, and focusing on terrorism more than the other applications of this. That’s not meant as a criticism; they got the story out, after all!

Most of all, though, it doesn’t question the claim that NSA set the filters too broadly in 2008 unintentionally.

Remember, those filters got set in the wake of the FISA Amendments Act. The telecoms doing the initial pass had just gotten immunity. While I think it possible that one of the telecoms got cold feet and that led to the FISA Court’s discovery of a practice that had been going on 3 years, I’m highly skeptical that the timing of the immunity and the overly broad filters was randomly coincidental.

I think we’re getting closer and closer to the iceberg Ron Wyden and Mark Udall warned us about.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

15 replies
  1. Snoopdido says:

    This really was a worthwhile WSJ article. The details on the capturing and examining of content for years make those who’ve claimed “show us the abuses” little more than head-in-the-sand truthers.

    I hope it sets the stage for even more Glenn Greenwald/Guardian and Bart Gellman/Washington Post Snowden files exposure on this particular NSA effort.

    Come to think of it, I wouldn’t mind having Charlie Savage/New York Times make some more hay here too.

  2. orionATL says:

    great dogged, analytical, cumulative detective work.

    too bad nsa and cia don’t recruit such talent, instead of relying on machines, brute storage, and docile/frightened employees.

  3. EH says:

    This really reveals what Obama meant when he said none of Snowden’s revelations have described problems. It’s Cheney redux, using the media as his source of evidence. I think he’s basically saying that unless it’s reported, it’s not going to be admitted (and then, only if it gets really bad).

  4. joanneleon says:

    As soon as I saw the bits about that WSJ article, I came right over here, knowing Marcy would be all over it, after years of analysis about this topic. I hope you’ve got enough now to confirm or fill in the gaps, Marcy. Thanks for the years of posts about it which gave me a head start in knowing what the heck they were talking about as soon as I saw it, and realizing the importance of this “incidental” and “minimization” crap.

  5. greenbird says:

    “I think we’re getting closer and closer to the iceberg Ron Wyden and Mark Udall warned us about.” o i hear myself cheering, even as i freeze to death. and later today is Bradley Manning’s sentencing.

  6. emptywheel says:

    @Phil Perspective: That was significantly laid out in the IG report. I’m trying to think whether collecting everything on Mormon UT would be boring, or would not only demonstrate how widespread bigamy still is (it is!), but also Mormon affinity for porn.

  7. Snoopdido says:

    It is really worth noting the mention of Cisco in the Wall Street Journal article. Why is that you ask?

    Because when the NSA uses Boeing’s Narus system to scan and filter internet traffic on massive fiber hubs, they are basically limited to doing so on the massive fiber hubs that they can physically touch. Like those in domestic locations like San Francisco originally mentioned by whistleblower Mark Klein of AT&T.

    So why is the mention of Cisco in the story really important you ask?

    Because Cisco’s upper end enterprise routers are used by all the really big ISPs on their biggest fiber pipes around the entire globe – http://gigaom.com/2013/02/27/chart-cisco-owns-the-switching-and-routing-world/:

    “Research from Synergy shows that Cisco has the lion’s share of the market in switches and routing, reaching roughly 65 percent and 70 percent respectively.”

    Now imagine that high end enterprise Cisco router sitting at a fiber hub in the equipment room of the Shanghai Telephone Company (or in Moscow).

    Now think of that high end enterprise Cisco router being programmed just like Boeing’s Narus systems with triggers to watch out for select goodies on passing internet data flow.

    Now think of that high end enterprise Cisco router copying massive amounts of that passing internet data flow to a location in the US that only the NSA knows about.

    Imagine that massive level of foreign intelligence data flow captured from afar.

    Imagine that!

    I don’t think the NSA is going to be in a very good mood this morning.

  8. Peterr says:

    From the WSJ piece: “Officials say it was an unintentional mistake made in 2008 when it set filters on programs like these that monitor Internet traffic . . .”

    Sorry, but setting the filters is not an unintentional act. Someone told NSA computer programmers “here’s what we want you to make this machine do.” Some computer programmer entered the commands to make that happen. Some analyst — many analysts, more likely — took what the machine did and thanked the programmers for providing it.

    If this was a mistake, it would have been noticed at the very beginning of the project. The programmer would have immediately said “Hey, this storage file is WAAAAYYY larger than it should be — is there a glitch that’s sucking up more than it should?” The analysts would have said “Wait — this is way more than what I asked for.”

    But for the sake of argument, let’s say it was a mistake. Then the NSA has an even bigger problem: incompetent programmers who can’t debug their own programs, and analysts who can’t recognize major errors when they are staring them in the face.

    Put me down for “intentional choice” rather than “unintentional mistake”.

  9. Frank33 says:

    We have yet more NSA surveillance technology revealed. An intelligence agency expert chatterbox, possibly one of those who raided teh GUARDIAN, leaked. A plastic cup or a window are now terrorist weapons. Sound waves from audio conversation produce vibrations that an IR laser can interpret. I do not know if double or triple pane windows can provide a defense.

    They expressed fears that foreign governments, in particular Russia or China, could hack into the Guardian’s IT network. But the Guardian explained the security surrounding the documents, which were held in isolation and not stored on any Guardian system.

    However, in a subsequent meeting, an intelligence agency expert argued that the material was still vulnerable. He said by way of example that if there was a plastic cup in the room where the work was being carried out foreign agents could train a laser on it to pick up the vibrations of what was being said. Vibrations on windows could similarly be monitored remotely by laser.

    The NSA was worried teh GUARDIAN would be hacked by enemies of the Homeland. Then Top Secret info would help the terrorists or reveal the next war. To repeat again, classified, Top Secret information cannot be made secure on a computer network.

    And everyone may need to get multiple pane windows. And all the Bill Gates Windows leak.

  10. What Constitution? says:

    The hits just keep on coming. One thing, though — they’re clearly in need of some catchier mottoes for the surveillance programs. Too bad that the one which leaps to mind has already been taken by “Sex Panther Cologne” in Anchorman: “Sixty percent of the time, it works every time.” What’s a little “unconstitutional oversampling” among friends? And yes, that’s not funny, that’s sick.

  11. lefty665 says:

    @Snoopdido: “Now imagine that high end enterprise Cisco router sitting at a fiber hub in the equipment room of the Shanghai Telephone Company (or in Moscow)… Now think of that high end enterprise Cisco router copying massive amounts of that passing internet data flow to a location in the US that only the NSA knows about.”

    That is exactly NSA’s traditional mission, and why we should say ‘Thank you’ occasionally.

    The crime is turning those capabilities inward on domestic US citizens, communications and data. That was ordered by Duhbya and expanded by BO. That does not excuse NSA for embracing clearly illegal behavior, it does shed light on the source of the problem. The Chinese say: “A fish rots from the head”.

    Impeach and prosecute, or just prosecute those already out of office.

    @frank33 Passive radiators have been used for a long, long time. The USSR made one out of the great seal of the US. They presented it as a gift and apparently used it to repeat nearby conversation. It was ‘tuned’ to radio frequencies so they did not need physical access to use it.

    It is a huge stretch to use hypothetical passive radiators as an excuse to suppress journalism.

  12. Snoopdido says:

    @lefty665: I should have been more clear in my comment, but as you can see from the timestamp, I was commenting in a bit of haste before heading out the door this morning.

    I’ll add two additional thoughts to my original comment:

    First, my point, which I was thinking of but didn’t explicitly state was that the inclusion by the Wall Street Journal of the information about Cisco being part of the NSA’s Upstream collection was that its mention was a revealing nugget of pure gold regarding NSA’s sources and methods that had not been revealed publicly before to my knowledge. That was the big deal. And the presence of Cisco routers globally in all kinds of nation states made this a very big deal for NSA surveillance!

    Secondly, a further very big deal is the fact that not only are high end enterprise Cisco routers routinely used by ISPs at their internet fiber hubs, but they are also routinely used by individual organizations.

    The reason that this is again a very big deal is that Cisco routers used in organizations route ALL of the organization’s internet AND intranet traffic.

    For example, consider the use of a Cisco router at the Shanghai Noodle & Nuclear Weapons facility. If the NSA has its hands inside that Cisco router, not only are they able to scan and capture outgoing internet traffic, but they are also able to scan and capture ALL internal traffic at the facility.

    This means when Mr. Wong of the Nuclear Weapons Development department logs onto his computer in the morning and starts accessing documents and files to do his work, the NSA embedded in that onsite Cisco router could monitor and capture each and every file access.

    That too is one very big deal when it comes to NSA surveillance capability. And again, it is an important NSA source and method revealed publicly by the Wall Street Journal.

  13. lefty665 says:

    @Snoopdido: Here’s an earlier report from Bamford “The Shadow Factory” 2008, pages 195-196.

    “One of the ways to covertly penetrate both the Internet and fiber-optic communications is to target their weakest point, the point where the systems interconnect-the routers… Thus as (NSA deputy director for services) Thompson further explained at the 1999 meeting, one of the NSA’s goals should be to hire away, on a short term basis, people from key companies such as Cisco. Having hired them, the agency could use their knowledge and expertise to ‘reverse engineer’ the systems and find ways to install back doors… According to Mike Hayden (ca 2001), ‘The explosive growth of the global network and new technologies make our partnership with industry more vital to NSA’s success than ever before.’ As a result, in a troubling change, much of the NSA’s highly sensitive eavesdropping has been outsourced to private firms in the same way it outsources copy machine repair.”

    Cooperation between NSA and Cisco et al has had the opportunity to ripen since then.

    There is a lot of information around, but someone has to have been either involved or pretty interested for a long time to put the pieces together, to “connect the dots”. That is what makes whistle blowers like Binney and Drake, and journalists like Bamford so important. They put context on what other whistle blowers like Snowden and journalists like Greenwald/Gellman/WSJ reveal. The rest of us are not likely to be witting.

    It seems hard to overstate NSA’s capabilities or to be surprised by the extent of their technical exploits. Those have evolved along with communications technology since NSA was founded. Individual disclosures of methods are important mostly for the insight they give us into how thoroughly we have been had.

    What has changed with NSA is the mission, from foreign to domestic. That is the stuff of tyranny according to Senator Church and previous generations of NSAers. Domestic surveillance and searches, assembly, speech, the essence of the Bill of Rights, are the heart of the battle that is now raging.

    How much will we know of the extent of domestic eavesdropping? The administration, congressional leaders and FISC are intent on making that as little as possible. Without public understanding of what has been done, is happening now, and what is planned, change is not possible. Our freedom will be dictated by the outcome.
