On PATRIOTS and JUSTICE: What We Don’t Know
The first thing Russ Feingold said in last week’s hearing on the PATRIOT Act renewal is that there’s something about the way the PATRIOT Act works that has not been made public.
Mr. Kris, let me start by reiterating something you and I have talked about previously. And that’s my concern that a critical information about the implementation of the PATRIOT Act has not been made public, information that I believe would have a significant impact on the debate. I urge you to move expeditiously on the request that I and others on this Committee have made before the legislative process is over.
In his statement, Feingold reiterates that concern, comparing the current debate with the earlier debates on FISA and PATRIOT reauthorization.
I welcome the administration’s openness to potential reforms of the Patriot Act and look forward to working together as the reauthorization process moves forward this fall.
But I remain concerned that critical information about the implementation of the Patriot Act has not been made public – information that I believe would have a significant impact on the debate.
[snip]
This time around, we must find a way to have an open and honest debate about the nature of these government powers, while protecting national security secrets.
As a first step, the Justice Department’s letter made public for the first time that the so-called "lone wolf" authority – one of the three expiring provisions – has never been used. That was a good start, since this is a key fact as we consider whether to extend that power. But there also is information about the use of Section 215 orders that I believe Congress and the American people deserve to know. I do not underestimate the importance of protecting our national security secrets. But before we decide whether and in what form to extend these authorities, Congress and the American people deserve to know at least basic information about how they have been used. So I hope that the administration will consider seriously making public some additional basic information, particularly with respect to the use of Section 215 orders.
You get the feeling that Feingold wants to draw attention to this aspect of the Section 215 of the PATRIOT Act that hasn’t been made public, huh?
Before we look at what that might be, let me attend to the earlier references Feingold makes. He references the debates on FISA in 2007 and 2008.
During the debate on the Protect America Act and the FISA Amendments Acts in 2007 and 2008, critical legal and factual information remained unknown to the public and to most members of Congress – information that was certainly relevant to the debate and might even have made a difference in votes.
We probably know what this is: the bulk collection and data mining of information to select targets under FISA. Feingold introduced a bajillion amendments that would have made data mining impossible, and each time Mike McConnell and Michael Mukasey would invent reasons why Feingold’s amendments would have dire consequences if they passed. And the legal information Feingold refers to is probably the way in which the Administration used EO 12333 and redacted procedures to authorize the use of data mining to select FISA targets.
Then there’s Feingold’s reference to information not disclosed during the last reauthorization of PATRIOT.
And during the last Patriot Act reauthorization debate in 2005, a great deal of implementation information remained classified.
Lisa Graves addressed that issue in her testimony before SJC.
But, in November 2005 as the Patriot Act was being delayed by a mounting filibuster in the Senate, an investigative piece by the Washington Post’s Bart Gellman quoted government sources reporting that the number of NSL requests had exploded to over 30,000 per year.4 The Justice Department harshly attacked the article in a letter to then-Chairman Specter signed by William Moschella, and calling the 30,000 figure “inaccurate.” I myself heard from a number of staff and reporters that the administration had absolutely denied that anywhere near this number of demands had been made, just as the NSL powers were being debated on the Hill and in public. Congress responded to the controversy by requiring an audit of the number of times the power was being used.
That is how in 2007 we learned that the true number of NSL requests issued in 2004, the year before the article was published, was over 56,000. 5 The number reported in the press was not too big; it was too small! The administration attempted to sidestep this dispute by asserting that its statements were based on counting only the number of letters and not the number of requests. Yet, administration officials had to know that individual letters often had multiple requests. To this day, there has been no real accountability for the way the public was misled by DOJ at the crucial moment in this debate.
In another instance of deliberately distorting the public debate in 2005, while the prior administration was asserting that the government was not interested in library records it was simultaneously seeking records from the Library Connection in Connecticut and gagging those librarians from telling Congress
and rebutting the misleading assertions of the government.
So the Administration was lying, blatantly, both about what they were collecting and how much they were collecting.
Now go back to Feingold’s reference on Section 215. csoghoian notes the following in my last thread:
The public statistics on the use of pure Section 215 orders likely exclude those associated with classified programs
On September 22, 2009, Todd Hinnen, the Deputy Assistant Attorney General for law and policy in DOJ’s National Security Division testified before the House Judiciary Subcommittee on the Constitution, Civil Rights, and Civil Liberties in support of the reauthorization of key provisions of the USA PATRIOT Act.
During his oral testimony, Mr. Hinnen stated that:
“The business records provision [Section 215] allows the government to obtain any tangible thing it demonstrates to the FISA court is relevant to a counterterrorism or counterintelligence investigation.
This provision is used to obtain critical information from the businesses unwittingly used by terrorists in their travel, plotting, preparation for, communication regarding, and execution of attacks.
It also supports an important, sensitive collection program about which many members of the subcommittee or their staffs have been briefed.” (testimony between 24:50 and 25:30)
The redacted copy of the 2008 OIG report on the use of Section does not reveal any direct information about such an important, sensitive collection program. There are, however, a few heavily redacted breadcrumbs that support Mr Hinnen’s testimony.
First, the report notes that “Two Classified Appendices describe other uses of Section 215 orders to collect [redacted]” (page 3). This sentence provides a hint that Section 215 is being used in ways not known to the public.
Second, according to the report, the number of pure Section 215 applications submitted and approved by the FISA court was 7 in 2004, 14 in 2005, and 15 in 2006 (Table 3.2, Page 16). While the total number of US and Non-US persons identified as subjects in these Section 215 orders is redacted, the shape of the black redaction boxes implies a two digit number for each (Table 3.3, Page 16).
A footnote on page 16 states that “Table 3.3 includes the four Section 215 orders processed in 2006 and signed in 2007 and excludes [one line of redacted text].”
The report also notes that “Table 3.3 does not reflect the number of U.S. persons and non U.S persons about whom information was collected as a result of [one line of redacted text].” This exclusion of certain Section 215 orders from the statistics is mentioned (and redacted) again on page 17 and 18.
These redacted sections, and Mr. Hinnen’s testimony before the House Judiciary subcommittee suggests the existence of at least one classified intelligence program which makes use of Section 215 orders to collect information on U.S. and non U.S. persons. The 2008 report thus paints a deceptively false picture regarding the frequency of the government’s use of Section 215 orders, as the published statistics do not include those orders associated with the classified program.
Now, csoghoian suggests the collection might relate to geographic location. Lisa Graves offers some other, more generalized suggestions about what this Section 215 collection might be.
One way to think of the scope of the power covered by Section 215 of the Patriot Act is to think of a giant file into which literally “any tangible thing” held by a third party about you can be put, that is, can be secretly obtained by government agents. Any tangible thing. It could be your DNA, your genetic code, from tests taken by your doctor for your health. It could be records about the books you buy or read. It could be information about websites you have visited. To search your home for these types of personal records, the government would have to have a warrant based on probable cause of wrongdoing, but to obtain them from your doctor or others you do business with, such as your internet service provider or your employer, no such probable cause is required under the statute since 2001.
In fact, any tangible thing about you can be secretly obtained without any evidence that you are a suspected terrorist. Virtually everything about you can be seized through secret 215 orders if you have any contact with a suspect. On the surface that might sound reasonable, but when you think it through you can see that every day through work or business you come into contact with dozens of people, at work, at schools, at conferences, in the cafeteria, at sporting events, at the mall, and if any one of them is the subject of an investigation your sensitive, personal private information might get swept up and kept in government files for decades. That amounts to hundreds of people a year and mere contact, however brief, can trigger this law, which requires the secret Foreign Intelligence Surveillance Court to presume your sensitive personal records are relevant to an investigation and grant a secret access.
And, under the law as amended in 2006, your employer, doctor, or librarian, for example, who may have known you since childhood, cannot ever tell you your privacy has been breached without going to court, even if you are never charged with any wrongdoing. And, it bars them from even challenging such orders for your personal, private information for a year.
This suggests a database of information collected on simple association. Several people in the hearing made it clear that it’s not just the collection of this information, but also its retention, that is a problem.
Now that doesn’t make it clear how they’re using Section 215. But it suggests the collection and retention of a lot of information on people, including information on innocent people who have had the misfortune of contacting a suspect.
Sort of like their electronic communications are being collected under the FISA programs we haven’t been told about.
So as we discuss renewing and fixing JUSTICE, keep in mind that Feingold is also trying to rein in a practice that implicates the "tangible data" of a lot of people who have had potentially insignificant contacts with terrorist suspects.
One thing they are desperately trying to hide is the fact that the results of warrantless wiretapping were used to justify NSLs. The results from those NSLs were then used as the basis for warrants. AND most of it had nothing to do with terrorism.
Agree–but that’s not what Feingold is trying to get to, I don’t think.
Really? I guess that’s how I read your excerpts of csoghoian’s comment, but I haven’t had time to look at Feingold’s statements (or the comments on the last thread for that matter). I guess I should finish up my paying job before I come back to this…
Well, he’s pointing specifically to 215, not NSLs. And he seems to have ALWAYS been concerned about innocent people included among the subset of people who are in the data bases.
Is it time for Fiengold to use his Senate position and tell us from the floor of the senate what the hell is going on?
Boxturtle (He seems irritated, but maybe not yet angry enough)
Somewhere along the way, I recall Schumer questioning Gonzales very specifically about whether the law allowed physical entry into American homes to search without a warrant.
IIRC, it was in the same session where Gonzales was parsing about “the” program in order to attempt to avoid perjury. That part of the exchange got the most attention and analysis, for good reason, but I always wondered whether Schumer was asking about physical entry to get at something he had specific information on.
It would be irresponsible not to speculate.
Sometime last year one of the national magazines exposed that anyone who went to las vegas, or worked or lived there was having ALL their info vacuumed up. This was quickly hushed up, never to be heard of again. If you rented a hotel room, rented a car, how much you gambled, what shows you saw, etc were all being recorded for future use. Local businessmen were very upset but found no recourse.
Las Vegas is a testing ground for digital collection. The insultingly simplistic marketing slogan, “What goes on in Vegas, stays in Vegas” is about as accurate as saying there’s no organized crime or sex in town and that everybody wins at craps.
Feingold “And that’s my concern that a critical information about the implementation of the PATRIOT Act has not been made public, information that I believe would have a significant impact on the debate.”
Feingold consistent
Incidentally, I apparently was at Amherst with Todd Hinnen for a year. Though I was a big senior, he was a measly frosh. I don’t remember him. He must not have played rugby (which looks right).
What constitutes “contact with a suspect”?
Being in the same country at the same time, I suppose. That vaccuum line hooked up to AT&T’s routers is grabbing everything. As a computer programmer, I know what I could do with a data feed like that.
Boxturtle (It would be illegal, immoral, and unconstitutional, but I could do it easily)
Some examples offered both by Kris (in his book, not in his testimony) and other witnesses are the teacher of a suspect’s child, the guy you buy cigarettes from, a guy who a suspect sits on a park bench next to (though the latter was admittedly discussed as being more interesting if it happened twice). So it seems to replicate (or may be the basis for) the six degrees of separations that the warrantless wiretap program relies on.
One of the minor fixes proposed is requiring that the tangible information be shown to have some tie to the terrorism investigation. That’s something Whitehouse was hitting on–pushing Kris on the lack of antagonistic hearing here, coupled with language on presumption.
Since WHitehouse is pushing that issue, it ought to go through. But there’s still the collection of huge amounts of data.
Maher Arar knows the answer to that question.
Pizza Delivery.
Working the same place.
Same parking garage.
Shared first name.
Same religion.
Shared hemisphere.
Same address, zip code, area code, street name, street number, longitude and latitude. The list is as long as an NSA or private contractor’s creativity. Like evolution, the ideas build off each other rather than start from scratch each time.
What’s happening, as in England, is the propagation of the databases, expanding and filling them with as much as giga-, tera-, peta- and exa-byte server farms can hold. The costs of which are probably black box and not included in any admitted government budget.
In the UK, police routinely collect DNA as well as fingerprints in routine stops, whether or not the person is charged, whether the charges are dropped or the person is acquitted. The government is fighting putting limits on how long it can retain that data.
All frequent visitors, volunteers and caregivers, as well as staff at all schools give up similar data and are background checked, paid for at their own (sometimes subsidized) expense. Insurance and ownership data on all cars is now part of governmentdata bases, on a live, interactive basis. Soon the government will not only tell you that your insurance has lapsed, but fine and/or imprison you after a delay on the assumption that you are driving that 40 year-old Mini on blocks in the backgarden.
Those are mundane examples of how the presumptions of innocence and privacy are now more honored in the breach. They illustrate the melding of once discrete databases in an effort to find patterns, and to have literally all data available for analysis should any individual or group become a “person of interest”.
That would expose the bogus notion that they are somehow combing the databases to reveal persons of interest out of thin air (a questionable undertaking imo anyway).
Not that the associations thing talked about above won’t be done where there does exist some target, e.g. some schlamazel who does target KSM’s drycleaning would be found and monitored or whatever, but for the uses the earl describes, the poi are prespecified, as it were, and it’s just the patterns, or perhaps the recent activities, that are to be discovered.
Alas, it’s NOT bogus. It works quite well, to the point that the names it kicks out are all worth human followup. I’ve done coding like that.
Long haired, over simplifed description of one method of doing so:
First, establish an N-dminesional space where N is the number of different variables you’re tracking. Credit card data would provide name, item purchased, date, and location as variables. N can be VERY large, depending on the computing power available.
At the center of the Nspace, place Mr. Average. He represents a normalized statistical average of everybody. Map each person onto the Nspace. The ones farthest from Mr. Average are the ones worth looking at. The IRS has been using this method for years to find returns to audit.
Oversimplified example: We scan the database of people who purchase Ammonium nitrate, a common fertilizer that’s also the key ingredent in an Oklahoma type bomb. We rule out all the farmers who purchase x lbs per acre or less. We rule out the people who less than x amount per year. Now we run that list against the list of suspected crazies. Or we match it against those we see going into mosques.
Boxturtle (You can see the value such a database would have for private industry as well)
I used the English examples because the UK is regarded as a more liberal society than we are – they have a Labour Government of all things – and because the government is mildly more open about some measures, including the need for statutory authority for them. As cooperative and queue-minding as they are (football fans aside), the English still find the gumption to object when their government plants its boot in their front parlour and says, “Nothing to see here, move along”.
The English schools and car insurance examples also illustrate tying a valid public concern – child safety and drivin
You hit this right on the nail–it is a very questionable undertaking. The whole surveillance state has been based on the naive belief that more data is equivalent to more knowledge. In fact, after a point, the opposite is true.
I have been a database programmer and have had some exposure to the fad for datamining in management circles. I very much doubt that any really useful information has ever been extracted by datamining.
The reasons are simple. You can find almost any pattern in a large enough dataset. But patterns are not significant in themselves. They are as apt to be the products of chance or prejudice as anything. Patterns are only meaningful if and when we can show the causes that produce the pattern. This is the basis of scientific method. Patterns are only considered valuable if they are found after being predicted by a hypothesis that specifies their causes.
Consider a concrete case. A manager decides that a software product should improve system availability by 15%. He has lots and lots of availability data in databases that hold the records of the corporate data centers. So he turns the data miners loose. When the numbers come back, it turns out that the computers that run the software are in service and available 95% more often than the computers that don’t. Open and shut case? Not quite. The databases that record the system names and availability data do not contain fields for the computer’s role in the business. It turns out that the highly available computers are production servers that never reboot, while the low-availability machines are in test labs and get changed and rebooted all the time. The original software is never installed on the test machines. So the pattern–high availability when the software is installed–is just a product of a little bit of ignorance and a large amount of uncritical, wishful thinking.
In the example and in the current security-state examples, datamining’s attraction is that the method demands no preliminary hypothesis. Searches are unconstrained by any prior knowledge of causal links or rules of inference–what in the legal world is called probable cause. But the reason for the attraction is what makes the method dangerous and unreliable. In the absence of logical, scientific and legal constraints, ANY pattern can be accepted uncritically and acted on. This is, I suspect, a major reason why the Constitution does not allow dragnet searches. The Founders knew all about this because they’d seen unreasonable searches.
Secrecy compounds the problem. In the example I gave, the manager was stopped before he made any public claims about the miracle software because a couple of people in his audience were suspicious of the methodology and knowledgeable enough about the data centers to ask questions of the right people. The answers exposed the fallacy, to the manager’s embarassment. But the manager did not have the option of hiding what he was doing from the company as a whole. With the FISA and Patriot Act stuff, the assumptions go unchallenged.
Data gathering in the absence of probable cause is thus very likely to undermine our knowledge of real threats while harming innocent people. Like torture, it will lead to confabulation rather than intelligence and focus us on irrelevancies.
Feingold has been very consistant. But so has BushCo/ObamaCo. Whatever is happening in there, both admins want(ed) it a LOT. And both Admin’s think that if it becomes public, it will either be stopped or stop being useful.
See a judge. Get a warrant. It worked for many years.
Boxturtle (If there’s an Agent Hoover reading this, your wife wants you to pick up milk on the way home)
After the next Wall St. collapse it really won’t matter. The government won’t have enough money to pay their KGB to spy on their friends and families. This country is o v e r.
On the lone wolf representations, didn’t DOJ tell us once upon a time (when they thought people who knew better were gagged) that they weren’t using the library searches without warrants and with gags? Not that I’d ever question such a truthful dept in the exec.
OT – Another article on the missing classified docs
http://www.motherjones.com/pol…..-documents
Re library searches. This might help, or so I hope.
Would you refresh my memory about Congress’ prohibiting the use of funds for data mining and how later legislation – or executive disregard of that prohibition – has allowed data mining to proceed on a national scale.
Until we learn otherwise, we should assume that data retention is permanent, that it is disseminated to various private contractors for “analysis and interpretation”, that the mechanisms for such analysis are protected intellectual property that is largely in private hands.
Given the government’s record with private contractors, and its and corporation’s poor records at securing personal data from loss and virtual or physical corruption – and their going into collective anaphylactic shock at the thought of correcting it or assessing it for accuracy – we should assume that there are insufficient limits on the commercialization of the mechanisms for analysis and interpretation, of the data, and of excerpts and “anonymized” versions of it.
[An interesting side question is how much of this gets into federal/state “fusion” centers, and the patterns of information use and abuse there.]
Apart from “national security” issues, and the likelihood that under Bush and now Rahma that these bleed into partisan political uses, this is a multi-billion dollar private industry built on the collection and use of personal data about which the public knows virtually nothing.
The Defense appropriations (obviously covering NSA) for FY 2004 defunded any data mining of US citizens, though it did allow a program described in classified annex to continue. AFAIK, that defunding has not happened in subsequent years.
The data mining was defunded. But I bet they’re still COLLECTING the data, even if they’re not searching it without a warrant.
Once you realize the government is/was doing it and they want to keep doing it, you can parse the law passed to see how they still allow it.
For example, Abdul the Target’s ISP is att.net and he has several id’s. And he can add/delete id’s as he wishes. Both features are common. You’re at att.net, too. The government can scan all of att.net, picking you up as well, since they don’t know what Abdul’s id is on a day to day basis. They need just one target on a given network to justify scanning & archiving the entire network.
Boxturtle (Now I know how the Soviets felt about the KGB)
Oh, it was defunded. But remember, data mining is what the big hospital showdown was about. While they had other problems iwth the program, it appears what they were really pissy about was the specific flouting of the defunding law.
And another piece on the missing torture docs this one by Scott Horton
http://harpers.org/archive/2009/09/hbc-90005793
Makes you wonder how it is DOJ “knows” they haven’t used the lone wolf provisions vs. someone just “losing” the info?
The good news is, in trying economic times, the three little kittens have landed work at the DOJ. I guess when you have the right skill set …
Horton is right.
If anything, Horton may understate the case.
“We are witnessing a shocking double standard. Justice Department and CIA actors are held to a far lower standard than an ordinary citizen would be. That was the case throughout the Bush years, and there is no evidence of any change under Barack Obama and Eric Holder.”
No one out in the regular folk land “shocked” by this double standard. No one. This is what we expect. A congress and a system that holds Presidents accountable for lies under oath about blowjobs…Republicans going after Acorn while they allowed those who shoved a WMD intelligence snowjob down the throats of Americans and slip off the dock to hold the people who ordered laws to be re written, those who rewrote and those who implemented those rewritten laws by torturing.
No this is exactly what the peasants expect. Serious “double standards” applied. And that is exactly why this country is rotting from the inside.
Until the public sees Holder, Obama, Leahy, Whitehouse etc mean what they say “no one is above the law” the stench from this internal rotting will continue to permeate the air
[muttering]
electronic dirty war
allow me to translate;
“if they had any CLUE what the administration was doing they will go BALISTIC”
or more to the point;
“now that a black man has the power we gave to bush you bet nobody’s going to allow it”
A lot of commercial users of the data would probably want regular refreshes, since one snapshot probably doesn’t do them much good for figuring out how to get your last dime.
They might be willing to do/pay quite a bit to keep access to a rich dataset like we’re inferring. IOW if you think the health care buyorama has been mind-blowing, just wait …
Isn’t this TIA, or Son of TIA? It certainly looks like what we’ve talked about before in past EW threads.
I drift-net the Database of ‘live’ monitorable traffic – domestic and international – loaded with my already identified ‘targets’ – and then I ‘pick-up’ and identify to the third(?) degree, any associated ‘new targets’.
Then – after assigning each ‘new target’ a Unique ID and masking any personally identifiable information – Sub-sets taken from the Set of All the ‘targets’ are then searched for recognizable patterns of interaction between them that might indicate the potential for ‘Terrorist’ Activities – this could include Physical Association, Financial Association, Ideological Association, etc – Whatever ‘data-types’ I could compile on the ‘targets’.
When the patterns of association reach a threshold level, indicating a ‘threat’ meriting further investigation, the involved ‘targets’ then have their Unique IDs Resolved back into their Personal Identities and matched to the Problematic Issues discovered through the Entity Analytics Programs.
Presumably, human decision-making then leads to NSLs or 215s for further investigation.
So, it’s possible, if not probable, that the Drift-netting and Data-mining were/are being done double-blind to mask Personally Identifiable Information on Individuals into Unique Impersonal IDs, that then have their behaviors ’sifted’ for tell-tale signs of ‘ill-intent’.
This is Not Really Different than the thought processes behind Racial Profiling, for instance, and is subject to All the Abuses Possible on the part of Targeting Systems Based on Suspicion – the Integrity of the Targeting Process is the Only Thing preventing Mis-use on the Scale of Big Brother.
Mis-used, Bush could easily have manipulated any rules-based system to ‘target’ or ‘reverse target’ –
– his Political Opposition
– his own Minions
– the Wealthy
– the Military
– the Press
– Critics
– Regulatory Agencies
– the Courts
All on the basis of his Un-questionable ‘Suspicion’ that National Security was at-risk. We’re talking about Bush, the guy who was designating ‘enemy combatant’ status to completely unknown people on hear-say, and never allowing it to be questioned. To Bush, the whole world was a battlefield – in the breath-taking Scope of the Program, he said he was distinguishing between domestic and international, Citizen and Foreigner: but all signs say that Bush divided his Whole World Ideologically, into Loyalists and Enemies – and would have been Most Likely, imvho, to have ‘identified’ Threats accordingly, not trusting Anyone.
So, if We are wondering just what kinds of Abuse would be possible between the Combination of a Telco-fed TIA-like Database, and Targeting Programmers Loyal to an Unquestionable Bush, operating without fear of Congressional Oversight or Judicial Review – secretly boot-strapping gagged, un-auditable NSLs and 215s based on Suspicion – then the Potential for Abuse would be directly related to the Integrity of Bush, himself.
Properly constituted, administered, regulated and overseen – which Bush’s Program does not appear to have been – but, properly constituted, administered, regulated and overseen, imvho, a Program like this could potentially deliver both the Early-Warning of Possible Impending Terrorist Activities and Protection for the Rights and Privacy of Every Citizen in accordance with the Constitution – at the same time.
But, it would have to be a Program as Sensitive and Important as All the Gold in Fort Knox, and it would have to be Over-Engineered to Protect Against Mis-use in such a way that it Featured Auditable Re-assurances of Trustworthy Use.
Without built-in safeguards, even one Questionable Use of the Program under Bush – like al-Haramain – calls into question the Entirety of the Program under Bush.
I think that Cheney, if not Shrub, did. And was willing to tell them that he was doing it, in order to keep them in line.
The comments system is quirky lately. (Yes, I’ve checked my s/w, cache, firewall, etc.)
The English schools and car insurance examples I used @25 and @31 also illustrate how the government uses a legislative tool – tying a valid public concern everyone might agree on, such as child safety and drivers who lack insurance – to programs the government wants to implement for other reasons, such as propagating its databases.
About 160 deaths occur each year in the UK involving drivers without insurance. A tragedy for those involved, without question, and there are other, less intrusive programs that already monitor car ownership and insurance maintenance. The government’s national system is a blunderbuss aimed at the other end of the stadium. It involves real time, co-equal access to insurers’ databases, the government sending of late notices and automatic fines potentially leading to imprisonment, based on assumptions and not actual use of a car. It is an expensive and gross overreaction to the stated problem.
The same is true with collecting intrusive data on all persons entering school grounds for anything other than picking up their own child, particularly when you add the work of policing the system to the new system itself. Less intrusive and less expensive programs would balance safety with privacy, without building another bureaucracy and legitimizing such detailed intrusions into daily life.
The aims seem designed to benefit government ministers – covering their backsides against inevitable tragedy or scandal, engrossing their power and budgets – more than they seem designed reasonably to protect the daily lives of average citizens. I think that’s true to a greater degree in the US, where there is much more privatization of these schemes.
Have noticed that piggybacking tendency here, to the extent that when some new concern that always seems to be along that public-private interface surfaces, I start looking to see what encroachment is to be justified.
Must go for a while.
[Big traffic problems at this end today, and
noflaky preview all of a sudden — this responds to BoxTurtle @ 30]I can see how that might catch something in the net if you’re starting with a red flag characteristic (large purchases of an explosive) and looking through for the outlier cases within that set.
However sketchy descriptions that have come out from time to time since the matter came up have suggested undirected sifting through large quantities of data in search of some supposedly incriminating pattern. After all, if you want to be able to survey people on the basis of some known marker like large quantity purchases of potentially hazardous materials, it should not be necessary to vacuum up all the phone traffic or whatever through some collection point.
Addendum: Yeah, I’m assuming that if anything the private sector is even more interested that gov, and will try to be harder to put off.
I did oversimplify. The more information you can sift, the more accurate your selection will be.
Boxturtle (They’re trying to justify the widest net possible, not the smallest)
Well, yes. I’m talking about the seed for the bootstrap, which in the descriptions around and about a couple of years ago seemed to be missing.
If you have a reasonably justifiable seed, i.e. some previously defined behavior that can be suspicious, then seems to me you could find a way within constitutional constraints to build a control or a population to bootstrap on. (I presume one would do something like a bootstrap operation to estimate the liklihood of a given suspicious vector.)
Even for the intermittent building of control samples to have on hand, exhaustive collection at will seems unjustifiable enough to explain the amount of secrecy and lying we have seen.
Even large purchases of explosives might be innocent–and are likely to be if extracted uncritically from a large volume of data. But consider a more likely case.
Terrorists are unlikely to be able to buy dynamite or TNT. They are more likely to make explosives from other materials, such as high-test peroxide and acetone or ammonium nitrate fertilizer and fuel oil.
If I have a magic database that aggregates all purchases of such materials and treat them as terrorist plots, I am going to waste a lot of time, hurt a lot of people, and in all likelihood miss any real terrorists. The selection criterion–purchase of the listed matrials–is too unfocused. So it produces a high rate of false positives. I get lots of mining engineers who are licensed to make ANFO. I get farmers who never consider mixing their fertilizer with the diesel for the tractor. I get lots of chemical labs that happen to use 90%+ peroxide and organic compounds. I probably get lots of people that buy nail polish remover and 3% peroxide at the drugstore.
To actually find a terrorist who is buying any of the chemicals, I have to know that there is a terrorist and have an identity to work with. I have to look for a known suspect buying the high-test peroxide and the prue acetone, so that I don’t waste time investigating every cosmetics-counter patron.
Yep. We have blunderbusses shooting at targets across town; the shot won’t come near, but will hurt a lot of people in between and cost a lot of men, money and resources, and violate a host of privacy, speech, association and assembly rights, and generate mountains of useless data (except to the contractors and commercializers who work with it).
Naturally, some of that data might be useful whenever a real terrorist and credible plot are identified. But it’s a very expensive, intrusive system when much less is needed and justified. It’s an arsenal of resources built to deal with Cheney’s paranoid delusions. Being delusions, they’re not really capable of rational explanation or amelioration. At best, the dog keeps chasing its tail.
The data isn’t any more useful to the contractors than it is to the government. It is noise, pure and simple. You cannot draw meaningful or useful conclusions from static, no matter how you filter it, amplify it, or interpret it.
I have a very common name and wide exposure to commercial data keeping, for various reasons. I am thus frequently the target of predictive marketing schemes of various kinds that are all alike in one respect only: they are wildly off-base. Data integrity is very poor in most of these data bases, largely because it has never occurred to anyone that it is important. As a result, my records are randomly munged together with those of others with similar names. As databases have been aggregated over the years, munges have been munged with munges. Remember the kids’ game “Whisper down the lane”? It works like that.
As a result, marketers are confidently able to assert that I am both a Democrat and a Republican, a labor activist and a financial VP with a Fortune 500 corporation, a gay man, a high-performance car enthusiast (I drive a 2002 Prius), and various other things. I have had an unfamiliar insurance company approve a colonoscopy for me in a city 1000 miles from where I live by a doctor I have never heard of but, curiously, on a street a few blocks from a place I lived 30 years ageo. I have been investigated for a homicide, flunked out of college despite a 3.2 average, denied a mortgage without explanation at one bank and enthusiastically granted one at another in a matter of hours. Once the Bush decided to use commercial databases for security, I ended up on the anti-terrorist no-fly list.
In effect, the real me has become invisible. To the idiots in the great corporate/government machine, the nonsense in their files is more real than reality. In the colonoscopy incident, the insurance call center actually asked me if I was sure that my Social Security Number wasn’t the one they had listed!
So paranoid delusions are not the problem. Pig ignorance and willful stupidity are. The IT dragnet renders individuals invisible, so real terrorists cannot be systematically ingled out and caught. Instead, the system designates random persons as terrorists because their very, very common names match a list.
If you haven’t already seen the movie Brazil, you should. Just don’t go to the one with the bowdlerized happy ending.
It’s not just utility of the information, it’s the revenue possible from obtaining, storing, “analyzing”, packaging, repackaging and using it that counts. Error-ridden data can still generate vast sums of money.
Corporations are subsidized in developing tools that almost certainly have considerable commercial applications, especially as more and more business and social networking goes digital.
The government has a poor record in contracting. An open question, over and above service fees from the government, is to what extent service contracts allow contractors to use the data themselves, be it raw or analyzed, whole or excerpted, purportedly anonymized, or the tools themselves. The potential to generate commercial income is enormous.
O/T: Rockefeller’s amendment just lost 8 – 15. Schumer’s up next.
Dan Rather’s lawsuit tossed, but will be appealed.
A unanimous decision. Simply devastating.
bmaz, your teaching “moments” these past few weeks have been fantastic. Often appalling, but always riveting.
In fact, Marcy and the gang have provided some of the best insight and perspective available anywhere, on an ever-expanding number of levels all dealing with the relationship between a government which identifies itself with the “interests” of the elite, too-big to fail empire builders and the political class, wholly owned by the elite, and a people who have been deliberately kept ignorant and busy while the wealth and principles of the nation have been stolen away.
The legal profession, seemingly, is at a crossroad, a moral crossroad, regarding the rule of law (and the apparently “quaint” notion that “no one is above the law”).
It has been a hope, however forlorn, that some members of the judiciary might have the courage to stand when and where Congress has not.
The descriptions and well-informed speculations regarding the coming showdown before Walker, places the government (representing the interests of the “government” and decidedly not those of the “people”) in the position of simply refusing to “play” and going on their merry way …
What power, ultimately, does the “judiciary” actually have, if Congress, through whose hands every bit of legislation that could, yes, could, make an actual “difference”, from campaign-finance reform … to the extension of specific statutes of limitation,refuses to “back” the judiciary? Especially considering the Robert’s Court’s predilections, how might a lower court force anything more than a little embarrassment on a group who are quite unfamiliar with shame, as well as being the most powerful people (or “persons”) on the planet?
And, assuming the absolute worst, that secrecy prevails, that only those who work for established news organizations speak the truth, that “it is not torture if we do it” and that a Sunstein-ly “looking forward” is the order of the day, it may reasonably be assumed that “noxious pressures” within the legal profession will continue to fester … to say nothing of the fate of the nation.
DW
The HuffPost excerpt doesn’t include the Appellate Division’s reasoning for tossing the case. It simply quotes the part where it states that the lower court’s ruling, allowing the case to proceed, was in error. No doubt, an opinion from the Court of Appeals will be sought.
[The terminology for NY state courts can be confusing. The initial, trial court is confusingly called the Supreme Court. The intermediate appeals court is the Supreme Court, Appellate Division. The state’s highest court is called the Court of Appeals.]
Confusing? Now, why would you say that?
Seriously, thanks much for the explanation.
Doesn’t every state work that way?
OT – Judge Kollar-Kotelly writes an opinion on the Fouad Mahmoud al Rabiah detainee case that was pending before her.
Even with the redacts, it’s not a love letter to DOJ
https://ecf.dcd.uscourts.gov/cgi-bin/show_public_doc?2002cv0828-645
The guy’s habeas has only been pending since, oh, say, May, 2002.
And despite the Sup Ct dicta that maybe it might be ok to give the gov the benefit of a presumption in favor of its evidence (yes boys and girls, our sup ct did say that – but luckily in dicta) Judge Kollar-Kotelly isn’t sold.
I can’t imagine why.
Oh- well, that might explain part of it. She also has to redact, but mentions two different transcripts of the same interrogation which pretty much completely contradict each other.
Kinda like looking for the missing classified documents in the ACLU case. I guess the DOJ thinks the Writ of Ooops has been vastly underutilized and they want to make up for it.
You have to wonder what goes through the minds of gov lawyers when part of what is getting put in the record is this:
emph added
and you are doing everything in your power to shape those forces with depravity instead of justice. I can’t wrap my head around it.
And yet again we have the mistaken identity issue crop up
It goes on and on.
Well, that opinion is a thing of beauty, and I hope it goes on to be a joy forever.
Is there anyone in the White House right now who is known to be a reader? I mean someone capable of distinguishing levels of rhetoric and recognizing the power of the real thing?
States have similar tiers of trial, intermediate appellate and final appellate courts. States are not uniform in their use of names and some have specialized courts to hear criminal versus civil appeals, but NY’s names are not common. The trial court is more commonly the “superior” or “common pleas” court. The intermediate appellate court is often called the “court of appeals”. The court of final appeals is typically called the state supreme court.
The tiers in the federal system are the District [trial] Court, the Circuit Courts of Appeal (comprised of many districts and several states each), and the Supreme Court.
The trial court hears the full case: the parties, witness testimony and written statements, documents and physical and other evidence that is admissible – can be considered by the judge and/or jury – because it complies with detailed rules of evidence.
The jury and sometimes the court make determinations of fact; the court makes judgments as to the law. Under normal circumstances, the issues that can be heard on appeal relate only to questions of law, including the admissibility of evidence and the correctness of the laws as stated or used by the judge.
Yeah, New York is completely goofy in their court nomenclature. The standard is Superior Court for trial level, then Court of Appeals, then Supreme Court as the highest level of state appellate jurisdiction.
49/50 and related
Take a look at the “Convenience Store Initiative” described by TPM
http://tpmmuckraker.talkingpoi…..hp?ref=fpc
and you’ll see the other fun aspect. They only went looking for terruhists, but since they could search around without probable cause, they were able to dragnet in some regular everyday meth criminals.
Well, isn’t that special? Jeebus. Sad part is the AUSAs apparently thought that not only was the illegal program just hunky dory, they also thought it was a brilliant idea to co-opt the info to arrest and prosecute on standard crimes. Holy crap. Unbelievable. Of course, in Northern Mississippi, the judges likely think it is all good too.
I wonder whether the Section 215 concern might refer to a relatively recently created generator of geographic information, namely that all 3G mobile phones are capable of continuously transmitting their GPS location coordinates to the carrier’s radio network (AT&T Mobility etc.). It’s a built-in part of the way the phone stays in contact with the cell sites, like how it displays the little antenna bars. This means whenever you’re carrying your phone, even when not making calls nor using its internet features, the carrier is fully able to track your precise location, in real time.
So… if they save that location information stream for later data mining… and then when mined, if they plot it out on a map… they’ll have a detailed trace of exactly where you went, and exactly when you were there, all day, every day, for as long as you’ve owned your 3G phone and as long as they’ve saved the data. Think about that.
This kind of Hoovering/mining would be totally doable technically — not just for certain selected subjects, but for everybody. Much easier than Hoovering all the conversations for later mining would be, in large part because the amount of data generated by the GPS coordinate stream is so much smaller than conversational audio. And yes, if we found out this had actually been going on, then we citizens would all go ape, and would be absolutely right to do so.
Now, if Hoovering of location traces really were going on — and I stress that I have no first hand knowledge of this, I’m purely extrapolating from commonly known information about the 3G networks — then let us further consider how this might relate to the process of finding connections to suspects. All they would have to do would be to define being in the same place as a suspect, at the same time, as equalling a connection to that suspect. Because then all they have to do is to get some controllable suspect to linger outside your home or office while you’re there. When the suspect’s location-trail is automatically traced by the data-mining process, it’ll find the intersection with your own location-trail… and bang, now you’re fair game and they can investigate everything in the world connected to you.
Insert obligatory Kevin Bacon degrees-of-separation joke here.
This is really sick stuff.
As another IT guy, I think boxturtle is on the right track here. I was always under the impression that the NSA program was keeping EVERYTHING on everyone and a warrant(NSL, etc.) became an authorization to access the data to seek information on a specific individual (company, etc.). It’s been a while since it was in the news, but all the tech sites were describing a splitter that dumped 100% of all information on the trunk into the NSA system.
This view has been reinforced by several discussions here where data collection deficiencies seem to be based on expansive search parameters. There does not seem to be any link between the authorization to “collect” information and the time period across which said information is available.
I though the controversy was the redefinition of “collection” from meaning physical storage and retention to meaning “extraction” from the unified database into a case file (probably not the best verbiage here). In other words, they would be keeping a copy of all network communications (data/voice), but need authorization to access them.
Do I have this all wrong?
I think that along with the redefinition of “collection,” EW has also extensively covered the weakening of “minimization” rules to allow for potentially indefinite retention of the collected data.
What you are saying, imho, sounds as good as anyone else’s guess. As I envision your description, there would be a huge database of person-data – probably contracted out to Private Companies empowered to collect every legally-available piece of ‘information’ on all 300 Million Americans – which is then used to populate Profile Templates on each of US – the G-man’s Facebook File, so to speak.
Separate from that would be another Database containing the uniquely-identified-but-impersonal meta-data – probably every externally knowable fact about you – tracked in real time; ie – not the ‘content’ of your e-mails, but everything else about them that could be gleaned from a header file, for instance.
The ‘behaviors’ of the meta-data are then sifted and crunched for ‘patterns of interest’ to identify potential ‘threats.’
When these Pre-Cog (to use the term from Minority Report for ‘future crime prediction’) Entity Analytics Programs roll-out a “Suspect’s” Unique ID – that ID is then cross-referenced to the Suspect’s Person Data – creating a case for human review and disposition, evaluating whether there is ‘probable cause’ for further action.
Imvho, it ‘could’ be a clean, legal, effective Program that both identifies threats and protects Citizens within the Constitution, but the Targeting Algorithms and the interface between Suspicion and Probable Cause would have to be over-engineered for the utmost integrity, imvho, to protect from the potential of Society-Enslaving Abuse.
Not exactly. At the backbone level, every bit of data on the network is carried across the same pipe – voice and data. It is encoded differently depending on what type of line it’s running through, but as a simplified explanation, this data comes across in packets that have the source circuit, destination circuit, and actual data. They would really just need to store the packets. Then they could be pulled later based routing information(e.g. ANI/DNIS in telephony) and the stream could be “replayed”.
My understanding … and I’m not even sure where I got this now that I think about it … was that the raw packet data pool was considered “untapped” (or nonexistent) and isolated somehow. It would be considered “off limits” without a warrant. A warrant would give the right to access the data associated with an IP, phone number or whatever across whatever time period was authorized. Then a search would be executed and the data decoded (technically, you could fool normal hardware into thinking it was a “live” stream or you could do it all in software) to create a “local copy” based on the defined criterion (IP/ANI/DNIS/etc.). That copy would be subject to retention and handling laws, but the underlying data store from which it originated is like vapor; it isn’t considered “collected” until someone asks for the information.
The point of it would be to let law enforcement/intel go back and see what someone had done in periods of time before they were even identified as a target. Communication reconstruction.
At least that’s how I always thought what they were doing worked. Again, I can’t remember all of the pieces that came together to make me think this.
Well… I have assumed, perhaps wrongly, that simply Hoovering-up the whole of the backbone traffic would simply be too much data to store, especially for long times. So you might use a large bank of filters to reduce that firehose to the data rate of, say, a couple T1’s — representing just the IP packets traveling to/from persons of interest or of potential interest — and warehouse that ’til such time as any actual datamining is performed. Of course the filtering gets trickier when the subject is on a dynamic IP line, or moving around between open wifi stations (and maybe when on a mobile phone and moving between cell sites, though the built-in ‘lawful intercept’ facilities in 3G networks most likely automatically handle that).
But I could be wrong, there could be mass storage technologies not publicly known. One of the things NSA is is a huge, well-funded, richly-talented, utterly secretive, tech shop.
A day’s worth of US voice data(64Kbps) (based on 2004 levels +15% as a guess) would fit on 8 of these things loaded down with 2TB drives for around $50K over-the-counter retail (assuming a 4:1 data compression). That would be around $18,250,000 per year for ALL voice traffic in America retail and fill a small data center. That seems VERY doable. And the government likely has access to higher density drives (say 10-20TB) and likely get better compression.
Storing 100% of all internet data transmitted is where things get big. All Email/texts and web pages wouldn’t be unreasonable to store at all. But by the time 6gb torrent downloads are factored in that seems a bit much. I would not be surprised at a rules based system. i.e. 1)any traffic to/from active targets 2)all text messages 3)all email messages 4)all http pages 5)scan all images for potential encrypted messages and keep hits … etc. That’s the kind of information that would be a huge security issue *if* the system works as I have imagined – knowing huge torrents aren’t generally kept, someone could just hide messages in massive files and send ‘em that way.
The cell stuff drops into the backbone after the tower(I think you already know that). A properly positioned series of collectors should get pretty much everything. For data, they probably just use a mac address to filter device-specific traffic for dynamically allocated/changing IP addresses (no matter what the collection scenario).
The government has been securing some HUGE (think football fields) data center facilities located at the nexus of power grids. If they wanted to drop a few billion per year they really probably could keep everything if they wanted to with just regular hard drives. If the system were to go solid-state it could increase physical density, reduce heat and kill power consumption. I don’t think we can necessarily rely on “too much to keep.” The technology seems to be there.
That said, again, I’m not 100% on where this belief came from. I’m going to have to do a bit of retracing my steps. Hell, Marcy may have some tidbit of info that can refute the thought out of hand (she has a way of doing that). That’s one reason I tossed it up here … I sort of thought mine was a generally common understanding of the program.
BTW that voice traffic estimate includes all minutes OUT of and IN to the USA.
marcy, thanks for keeping up with this, and too, thanks so much for keeping the caps in PATRIOT act! it might seem a small thing, but dammit, the frank luntz mentality that coined that diabolical acronym has earned his pay a thousand times over each time we see the act referred to as simply the Patriot act, as if that word and concept were all the legislation is about. in fact, despite my penchant for ditching caps altogether most of the casual time, i refer to this devastating piece of crap they call a law as the USAPATRIOT act.
and i try to call out printed slips of this linguistic worm wherever i see them. and express appreciation where that is resisted. so, thanks again.
Ashcroft once acknowledged (pdf) in HJC testimony that Section 215 permits FBI collection of ”genetic data” from innocent people, presumably via sneak-and-peeks. It seems reasonable to speculate that a database full of ”tangible items” like DNA and similar TIA-like material might be the sort of thing Feingold is uncomfortable with.
Well, I was talking about backbone, not phone.
Just checking your phone numbers…
16 x 2TB x 8 = 256TB = 256,000,000,000,000 bytes
64kbps at 4:1 = 16 kbps or 2,000 bytes per second (per conversation)
256,000,000,000,000 / 2,000 bytes per second = 128,000,000,000 seconds of conversation
128,000,000,000 / 60 seconds per minute = 2,133,333,333 minutes of conversation
2,133,333,333 / 274,500,000)* phone talkers in the US = average of 7.77 minutes on the phone per person per day
So yes, the phone part seems ballpark-reasonable +/- an order of magnitude or so. So thanks for that — though I have to say that realization is chilling as hell.
I guess you mean mobile and assume MAC address uniquely IDs the user handset, whereas I meant the wired internet via ISPs etc. with dynamic IP addy, and there of course no end-user MAC addresses are even there for IP packets after they pass upstream from the LAN through the gateway. I’m 100% sure there are mechanisms for uniquely ID’ing all streams terminating with a particular mobile handset, but don’t know whether Ethernet frames and MAC addresses is the specific mechanism.
Huh. I know they need AC, but makes me wonder: Are they collecting domestic surveillance data and then transmitting it over the power lines?
Or at a minimum will be there soon enough. Yes, I agree, in fact that’s where I wound up @65.
* Figure approximated based on data from here – 90% of 305MM is 274.5MM