How Many People Are Included in Contact Chaining with 27,090 Numbers?

I’ve decided that if I could have a nickel for every time I’ve said “I told the apologists so” as I’ve read these documents, I’d be Warren Buffet. But I don’t get a nickel for predicting the NSA is as bad as it is. So I could use your help to keep doing what I do. 

One of the most stunning revelations from ODNI’s conference call with Officials Who Can’t Be Quoted Because They Might Be Lying is that only 11% of the numbers the NSA was comparing daily business record collections against should have been included.

Those numbers are presented in the government’s first response to Reggie Walton’s order for more information.

In short, the system was designed to compare both SIGINT and BR metadata against the identifiers on the alert list but only to permit alerts generated from RAS-approved identifiers to be used to conduct contact chaining [redacted] of the BR metadata. As a result, the majority of telephone identifiers compared against the incoming BR metadata in the rebuilt alert list were not RAS-approved. See id. at 4, 7-8. For example, as of January 15, 2009, the date of NSD’s first notice to the Court regarding this issue, only 1,935 of the 17,835 identifiers on the alert list were RAS-approved. (10-11)

This means that every day, the NSA was comparing names they thought maybe might could be terrorist numbers, as well as numbers they actually had reason to believe actually were, with all the phone records in the US to see if Americans were talking to these people. [Update: And to clarify, the 89% on the list who were "compared" to the daily business record take weren't contact chained -- NSA just checked to see if they should look further.]

As I said, per the Officials Who Can’t Be Quoted Because They Might Be Lying who gave today’s conference call, that’s as bad as it gets.

But it appears to get worse.

You see, as NSA was confessing all this to DOJ’s National Security Division, they were also cleaning up their lists (the January 15 numbers come from a week after NSD first got involved). And it appears that before they started their confessional process (in the days before Obama took over from George Bush), they had far more people on their list. And they were contact-chaining those numbers.

At the meeting on January 9, 2009, NSA and NSA also identified that the reports filed with the Court have incorrectly stated the number of identifiers on the alert list. Each report included the number of telephone identifiers purported on the alert list. See, e.g., NSA 120-Day Report to the FISC (Dec. 11, 2008), docket number BR 08-08 (Ex. B to the Government’s application in docket number BR 08-13), at 11 (“As of November 2, 2008, the last day of the reporting period herein, NSA had included a total of 27,090 telephone identifiers on the alert list . . . .”). In fact, NSA reports that these numbers did not reflect the total number of identifiers on the alert list; they actually represented the total number of identifiers included on the “station table” (NSA’s historical record of RAS determinations) as currently RAS-approved) (i.e., approved for contact chaining [redacted]

This appears to mean the NSA could (they don’t say whether they did) conduct chaining two or three degrees deep on all these potential maybe might could be terrorists.

If those 27,090 talked to 10 people in the US, and those 270,090 people in the US regularly talked to 40 people in the US, and those people talked to 40, then it would potentially incorporate 433 millio–oh wait! That’s more people than live in the US!

That is, there’s a potential that, by contact chaining that many people, this actually represented a comprehensive dragnet of all the networked relationships in the US until the days before Obama became President.

And they lied to Reggie Walton about it as they got their first real legal review of the program.

But honest, all this was really just unintentional.

Update: Later in the filing, the government admits they were doing more than 3 hops until early 2009.

Second, NSA is implementing software changes to its system that will limit to three the number of “hops” permitted from a RAS-approved seed identifier.

This means those 27,090 identifiers that were in use on November 1, 2008 (at which point it became clear Obama would win the election) could have been contact chained far deeper into American contacts. This makes it very likely that that “contact chaining” actually did include everyone in the US.

Tweet about this on Twitter0Share on Reddit0Share on Facebook0Google+0Email to someone

18 Responses to How Many People Are Included in Contact Chaining with 27,090 Numbers?

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
Emptywheel Twitterverse
bmaz Hey, maybe NK did actually order cyber attack on SONY. But,where's evid? If you believe the rote bullshit of the UD Govt, you are an idiot.
8mreplyretweetfavorite
bmaz If you have any doubt about that, just look at how the official USG has delayed and dissembled about the Senate Torture Report.
11mreplyretweetfavorite
bmaz I have NO IDEA what's correct about the SONY hack; however, history shows that the US Govt is no more reliable, nor honest, than the NK govt
12mreplyretweetfavorite
bmaz Good Golly Miss Molly, what were odds proven unreliable, false statementing, reporters like US Govt would spew self serving shit about NK?
14mreplyretweetfavorite
emptywheel RT @fmanjoo: North Korea Almost Certainly Did Not Hack Sony by @kimzetter http://t.co/yfePwI9xN4
18mreplyretweetfavorite
JimWhiteGNV RT @atotalmonet: Anonymous threats by hackers against women: "grow thicker skin!" Anonymous threats by hackers against movie studios: "COD…
26mreplyretweetfavorite
bmaz If false equivalency media did not give bleating false equivalency to retrograde craven bigoted jackasses like Cruz we'd all be better off.
33mreplyretweetfavorite
JimWhiteGNV Movie terror alert level RED! I repeat RED! Hide the women! Evacuate the children first. We're all gonna die!!1!! Hellllllp!
48mreplyretweetfavorite
bmaz Why Robert Menendez and Marco Rubio are blithering idiots worthy of public+press scorn re: Cuba policy https://t.co/kdMQlWuD4t
56mreplyretweetfavorite
emptywheel Apparently Jeb! 1) doesn't yet have 22 people reviewing his statements/tweets 2) is not the guy to sell edu-snake-oil
57mreplyretweetfavorite
emptywheel RT @gdebenedetti: Jeb Bush's statement, which had called the Castros "benefactors" of Obama's new policy, has been quietly updated. Now say…
57mreplyretweetfavorite
emptywheel RT @MikeScarcella: 'Davis had, at most, a diminished expectation of privacy in business records made ... by MetroPCS.' New DOJ brief: http:…
1hreplyretweetfavorite
September 2013
S M T W T F S
« Aug   Oct »
1234567
891011121314
15161718192021
22232425262728
2930