Contractors Already Have Access to the Phone Dragnet
In today’s HJC hearing on the NSA, there was extensive discussion about the risks of outsourcing the dragnet to the telecoms or — especially, to a third party holding all the data. It’s a concern I share.
That said, not a single person at the hearing seemed to be aware of this footnote, which has been in the phone dragnet primary orders since at least last April.
5 For purposes of this Order, “National Security Agency” and “NSA personnel” are defined as any employees of the National Security Agency/Central Security Service (“NSA/CSS” or “NSA”) and any other personnel engaged in Signals Intelligence (SIGINT) operations authorized pursuant to FISA if such operations are executed under the direction, authority, or control of the Director, NSA/Chief, CSS (DIRNSA).
If this language left any doubt that it permits contractors to directly query the database of every single phone-based relationship in the US, this language from Dianne Feinstein’s Fake FISA Fix bill report (which aims to codify the status quo) should eliminate them.
The Committee believes that, to the greatest extent practicable, all queries conducted to the authorities established under this section should be performed by Federal employees. Nonetheless, the Committee acknowledges that it may be necessary in some cases to use contractors to perform such queries. By using the term “government personnel” the Committee does not intend to prohibit such contractor use.
Contractors already have access to the dragnet.
If it presents a security threat to have contractors from Booz Allen Hamilton or some other intelligence contractor to have direct access to the dragnet, then we need to shut the dragnet down.
Because they’ve already got it.


Where the data is held is a distraction. While I would prefer it to NOT be held at all, technically it makes no difference.
The 3 options I can think of are:
1 – let the technology companies, that create it, hold it in separate silos
2 – let a single company hold it
3 – let the Government hold it
We know what happens when the 3rd option is used. The 2nd option has major risks. So, the 1st option seems best.
BUT, it really doesn’t matter.
The issue is lack of over sight. Any of the options without over sight is not really palatable.
So, what solution exists to address over sight. The technical answer is to log ALL access to the database(s) and provide the log to a third party. Any suggestions?
This log would create the required over sight mechanism. It could even be used to replicate the database(s) and do so in real-time.
BUT, once collected, all options create an opportunity for abuse. There is no getting around that.
Well, yeah — contractors the NSA likes (meaning “controls”) have access and that’s just fine; it’s only when some third party contractor might have access which required the NSA to ask permission or be subject to some sort of oversight that the contractors should not be trusted implicitly. Right?
Gee, you’re definitely gonna piss somebody off if you keep quoting their own documents back at these malevolent numbskulls to demonstrate the holes in their assertions…..
Collecting the data in the first place is unconstitutional.
Either we revert to our constitution or we stick with totalitarianism.
It’s clear that the economic players, the ones who’ve captured our political system, have embraced and extended the totalitarian route.
Look at the people lined up at the trough : Mike Rogers’ wife, Hayden, whatshisname who ran Homeland Security for Bush … and the Seven Sisters : Apple, AOL, Google, Facebook, LinkedIn, Microsoft and Yahoo.
Microsoft, Facebook, Google and Yahoo release US surveillance requests
What are the chances of a Googlish Edward Snowden standing up and doing the right thing? Zero to none.
CISPA, written by Google, provided for exactly this kind of privatized totalitarianism. It’s like the TPP and its trans-atlantic counterpoint.
The TNCs über alles. And things are speeding up … Germany and Japan are both rapidly re-militarizing and this time the USA is the pivot in the Axis.
Further to the over sight issue. If adequate over sight was in place one can imagine that the reams of dragnet specific laws could virtually be discarded.
After all, the legal system has been built up over hundreds of years and largely addresses privacy, civil and human rights issues. It is only the lack of over sight that has necessitated all these dragnet specific ‘exceptional’ laws.
Create good over sight, use the existing laws to ensure abuse is not occurring and discard the ‘exceptional’ dragnet specific laws.
@Greg Bean (@GregLBean): Maybe it’s all in the semantics again — what we would call “over sight”, the NSA and DiFi would call “over look”. As in, “Congress and the courts are expected to over look whatever NSA does.” That would explain a lot.