January 10, 2014 / by emptywheel


John Inglis Explains Why (US-Based Collection of) Internet Metadata Doesn’t Work

Steve Inskeep got a very long interview with NSA Deputy Director John Inglis. It suffers from the same problem that just about every interview the NSA has done since the Snowden leaks started has — because the NSA will only allow friendlies or non-beat writers to do interviews, NSA can avoid many real questions and falsely represent the facts (such as, just one example, what the Review Group really said about the legality of NSA’s programs).

But Inskeep did a good job, and succeeded in doing something that no one else has: get a real explanation for why the NSA gave up its (US-based collection of) Internet “metadata.”

Inskeep starts by suggesting NSA was unable to meet the requirements of the program. But Inglis insists that wasn’t the problem. Rather, it was that Internet companies keep no billing records for individual emails.

INSKEEP: And it was abandoned because it was too hard to comply with the safeguards and because it was judged not to be practical, it wasn’t worth the cost.

INGLIS: It was abandoned principally for the latter reason, which is it was just too hard to make operationally workable. In theory, and especially given that people move more and more to emails, right, that kind of communication, in theory it would be even more valuable to try to detect a plot that moves from a foreign domain to a domestic domain using email metadata. The challenge is, is that the business model within the private sector doesn’t support that. You and I grew up in an America where there were local calls, long distance calls, and the telephone company made their money by charging you for the number of local calls or the number of long distance calls for some duration. And for that reason they tracked that information. You could go to the telephone company and say, how many calls and what number called what number.

And they would actually track that with great precision. Email didn’t get its start that way. The first email account I had from a company with three letters said, for $6.95 a month you can write a million emails or one email, we don’t care. We’re going to send you, sell you a bandwidth. And so there was no material business interest on their part to track the metadata. They just wanted to sell you access to the pipe. Given that that information it doesn’t exist, it’s hard to recreate it. It became operationally very difficult to do that. It is theoretically possible, but very expensive. And we’ve decided in late 2011 that while we thought we could meet the requirements of the court, we were quite confident that we could, the only way we could proceed was in so doing, that it was operationally too difficult to do that because the business model was so different.

Ultimately, of course, Inglis is confirming Inskeep’s first assertion: that the NSA couldn’t meet the Court’s requirements that it not collect content that is also routing information, because the telecoms, from which NSA collected this data, only had access to the data the NSA wanted at a content level.

NSA could meet FISC’s requirements. But to do so gave them little meaningful data, because the telecom level of content isn’t all that useful.

Of course, they can collect that data elsewhere, in places where such content-based restrictions aren’t in place.

Copyright © 2014 emptywheel. All rights reserved.
Originally Posted @ https://www.emptywheel.net/2014/01/10/john-inglis-explains-why-us-based-collection-of-internet-metadata-doesnt-work/