Contractors Already Have Access to the Phone Dragnet

In today’s HJC hearing on the NSA, there was extensive discussion about the risks of outsourcing the dragnet to the telecoms or — especially, to a third party holding all the data. It’s a concern I share.

That said, not a single person at the hearing seemed to be aware of this footnote, which has been in the phone dragnet primary orders since at least last April.

5 For purposes of this Order, “National Security Agency” and “NSA personnel” are defined as any employees of the National Security Agency/Central Security Service (“NSA/CSS” or “NSA”) and any other personnel engaged in Signals Intelligence (SIGINT) operations authorized pursuant to FISA if such operations are executed under the direction, authority, or control of the Director, NSA/Chief, CSS (DIRNSA).

If this language left any doubt that it permits contractors to directly query the database of every single phone-based relationship in the US, this language from Dianne Feinstein’s Fake FISA Fix bill report (which aims to codify the status quo) should eliminate them.

The Committee believes that, to the greatest extent practicable, all queries conducted to the authorities established under this section should be performed by Federal employees. Nonetheless, the Committee acknowledges that it may be necessary in some cases to use contractors to perform such queries. By using the term “government personnel” the Committee does not intend to prohibit such contractor use.

Contractors already have access to the dragnet.

If it presents a security threat to have contractors from Booz Allen Hamilton or some other intelligence contractor to have direct access to the dragnet, then we need to shut the dragnet down.

Because they’ve already got it.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

5 replies
  1. Greg Bean (@GregLBean) says:

    Where the data is held is a distraction. While I would prefer it to NOT be held at all, technically it makes no difference.

    The 3 options I can think of are:
    1 – let the technology companies, that create it, hold it in separate silos
    2 – let a single company hold it
    3 – let the Government hold it

    We know what happens when the 3rd option is used. The 2nd option has major risks. So, the 1st option seems best.

    BUT, it really doesn’t matter.

    The issue is lack of over sight. Any of the options without over sight is not really palatable.

    So, what solution exists to address over sight. The technical answer is to log ALL access to the database(s) and provide the log to a third party. Any suggestions?

    This log would create the required over sight mechanism. It could even be used to replicate the database(s) and do so in real-time.

    BUT, once collected, all options create an opportunity for abuse. There is no getting around that.

  2. What Constitution? says:

    Well, yeah — contractors the NSA likes (meaning “controls”) have access and that’s just fine; it’s only when some third party contractor might have access which required the NSA to ask permission or be subject to some sort of oversight that the contractors should not be trusted implicitly. Right?

    Gee, you’re definitely gonna piss somebody off if you keep quoting their own documents back at these malevolent numbskulls to demonstrate the holes in their assertions…..

  3. john francis lee says:

    Collecting the data in the first place is unconstitutional.

    Either we revert to our constitution or we stick with totalitarianism.

    It’s clear that the economic players, the ones who’ve captured our political system, have embraced and extended the totalitarian route.

    Look at the people lined up at the trough : Mike Rogers’ wife, Hayden, whatshisname who ran Homeland Security for Bush … and the Seven Sisters : Apple, AOL, Google, Facebook, LinkedIn, Microsoft and Yahoo.

    Microsoft, Facebook, Google and Yahoo release US surveillance requests

    Tens of thousands of accounts associated with customers of Microsoft, Google, Facebook and Yahoo have their data turned over to US government authorities every six months as the result of secret court orders, the tech giants disclosed for the first time on Monday.

    “We still believe more transparency is needed so everyone can better understand how surveillance laws work and decide whether or not they serve the public interest,” said Google’s legal director for law enforcement and information security, Richard Salgado …

    What are the chances of a Googlish Edward Snowden standing up and doing the right thing? Zero to none.

    CISPA, written by Google, provided for exactly this kind of privatized totalitarianism. It’s like the TPP and its trans-atlantic counterpoint.

    The TNCs über alles. And things are speeding up … Germany and Japan are both rapidly re-militarizing and this time the USA is the pivot in the Axis.

  4. Greg Bean (@GregLBean) says:

    Further to the over sight issue. If adequate over sight was in place one can imagine that the reams of dragnet specific laws could virtually be discarded.

    After all, the legal system has been built up over hundreds of years and largely addresses privacy, civil and human rights issues. It is only the lack of over sight that has necessitated all these dragnet specific ‘exceptional’ laws.

    Create good over sight, use the existing laws to ensure abuse is not occurring and discard the ‘exceptional’ dragnet specific laws.

  5. What Constitution? says:

    @Greg Bean (@GregLBean): Maybe it’s all in the semantics again — what we would call “over sight”, the NSA and DiFi would call “over look”. As in, “Congress and the courts are expected to over look whatever NSA does.” That would explain a lot.

Comments are closed.