NSA Failures and Terror Successes Drive the Dragnet

Ryan Lizza has a long review of the dragnet programs. As far as the phone dragnet, it’s a great overview. It’s weaker on NSA’s content collection (in a piece focusing on Ron Wyden, it doesn’t mention back door searches) and far weaker on the Internet dragnet, the technical and legal issues surrounding which he seems to misunderstand on several levels. It probably oversells Wyden’s role in bringing pressure on the programs and treats Matt Olsen’s claims about his own role uncritically (that may arise out of Lizza’s incomplete understanding of where the dragnet has gone). Nevertheless, it is well worth a read.

I think it most valuable for the depiction of Obama’s role in the dragnet and its description of the ties between the war on terror and perceptions about the dragnet. Take this account of Obama’s decision not to embrace transparency during the PATRIOT Act Reauthorization in 2009-10. Lizza describes Wyden pressuring Obama to make information on the dragnets available to Congress and the public (we know HJC members Jerry Nadler, John Conyers, and Bobby Scott were lobbying as well, and I’ve heard that Silvestre Reyes favored disclosure far more than anyone else in a Ranking Intelligence Committee position).

But then the UndieBomb attack happened.

The debate ended on Christmas Day, 2009, when Umar Farouk Abdulmutallab, a twenty-three-year-old Nigerian man, on a flight from Amsterdam to Detroit, tried to detonate a bomb hidden in his underwear as the plane landed. Although he burned the wall of the airplane’s cabin—and his genitals—he failed to set off the device, a nonmetallic bomb made by Yemeni terrorists. Many intelligence officials said that the underwear bomber was a turning point for Obama.

“The White House people felt it in their gut with a visceralness that they did not before,” Michael Leiter, who was then the director of the National Counterterrorism Center, said. The center was sharply criticized for not detecting the attack. “It’s not that they thought terrorism was over and it was done with,” Leiter said, “but until you experience your first concrete attack on the homeland, not to mention one that becomes a huge political firestorm—that changes your outlook really quickly.” He added, “It encouraged them to be more aggressive with strikes”—drone attacks in Yemen and Pakistan—“and even stronger supporters of maintaining things like the Patriot Act.”

Obama also became more determined to keep the programs secret. On January 5, 2010, Holder informed Wyden that the Administration wouldn’t reveal to the public details about the N.S.A.’s programs. He wrote, “The Intelligence Community has determined that information that would confirm or suggest that the United States engages in bulk records collection under Section 215, including that the Foreign Intelligence Surveillance Court (FISC) permits the collection of ‘large amounts of information’ that includes ‘significant amounts of information about U.S. Persons,’ must remain classified.” Wyden, in his reply to Holder a few weeks later, expressed his disappointment with the letter: “It did not mention the need to weigh national security interests against the public’s right to know, or acknowledge the privacy impact of relying on legal authorities that are being interpreted much more broadly than most Americans realize.” He said that “senior policymakers are generally deferring to intelligence officials on the handling of this issue.”

Curiously, Lizza makes no mention of Nidal Hasan who, unlike Umar Farouk Abdulmutallab, actually succeeded in his attack, and like Abdulmutallab, had had communications with Anwar al-Awlaki intercepted by the NSA (and FBI) leading up to the attack. Weeks before the UndieBomb attack, Pete Hoekstra had already started criticizing the Obama Administration for not responding to Hasan’s emails to Awlaki, and Hasan’s attack led to more tracking of Awlaki (and, I suspect, Samir Khan’s) online interlocutors. I also suspect that, because of certain technical issues, the Hasan experience led to increased support for suspicionless back door searches.

But whether or not the UndieBomber alone or in conjunction with the Hasan attack was the catalyst, I absolutely agree Obama got spooked.

The question is whether Obama took the correct lesson from the UndieBomb, in particular. While the Hasan attack definitely led to real lessons about how to better use content collection (FISA and PRISM), the UndieBomb case should have elicited conclusions about having too much data to find the important messages, such as Abdulmutallab’s text to Awlaki proposing Jihad. (Note that Hoekstra’s blabbing about the Awlaki taps may have led AQAP to encrypt more of their data — as Awlaki was alleged to have done with Rajib Karim — which would have led to legitimate concerns about publicizing NSA techniques.) With the UndieBomb, NSA purportedly had advance warning of the attack that didn’t get read until after the attempt. Why not? And why wasn’t that Obama’s main takeaway?

And the National Security people still seem to be taking the wrong lessons. Here’s Matt Olsen and DiFi’s version of the National Security crowd’s latest fearmongering, that we need dragnets even more so now because the terrorist group has dispersed.

As core members of Al Qaeda were killed, the danger shifted to terrorists who were less organized and more difficult to detect, making the use of the N.S.A.’s powerful surveillance tools even more seductive. “That’s why the N.S.A. tools remain crucial,” Olsen told me. “Because the threat is evolving and becoming more diverse.”

Feinstein said, “It is very difficult to permeate the vast number of terrorist groups that now loosely associate themselves with Al Qaeda or Al Nusra or any other group. It is very difficult, because of language and culture and dialect, to really use human intelligence. This really leaves us with electronic intelligence.”

Olsen says the problem is, in part, that Al Qaeda is “less organized.” DiFi says one problem we have “permeating” terrorist groups is language and culture and dialect and her solution to that is to use “electronic intelligence.” While electronic intelligence — and specifically metadata — provides a way to compensate for linguistic failures (the NSA uses structure to identify which are the important conversations), in terrorist attack after terrorist attack (as well as CW attack) we turn out not to have been watching the right content feeds. And if we don’t have the linguistic skills, we’re likely not going to understand the messages correctly in any case.

And these are less organized groups! Are they really any more effective than crime gangs at this point, and crime gangs in countries far away with little means to access the US?

But rather than saving money on the dragnet and working instead on shoring up our cultural and linguistic failures, this failure is instead seen as another excuse to sustain the dragnet.

It’s clear that terror — whether NSA has failed or not — serves as an evergreen excuse for the dragnet. The real question is whether it should.


World of Spycraft in Virtual Space

The Guardian’s latest Snowden scoop describes how they decided to infiltrate World of Warcraft and other virtual gaming environments. As they point out, there’s no clear proof terrorists have used such space (though they were able to follow some credit card thieves into Second Life once). But what the heck? There’s metadata to be collected, so why not conquer it. As the original document describes,

GVEs are an opportunity! We can use games for: CNE exploits, social network analysis, HUMINT targeting, ID tracking (photos, doc IDs), shaping activities, geo-location of target, and collection of comms.

I’m particularly interested in the treatment of the propaganda and training value of virtual space. There, they focus on Hezbollah’s use of Special Force 2 to train potential recruits (and fundraise).

GVEs have been made that reinforce prejudices and cultural stereotypes while imparting a targeted message or lesson both from the Western point of view and in the Middle East. America’s Army is a U.S. Army produced game that is free download from its recruitment page and is acknowledged to be so good at this the army no longer needs to use it for recruitment, they use it for training. The Lebanese Hizballah has taken this concept and the same basic game design and made its own version of the game called Special Forces 2 (SF2), which its press section acknowledges is used for recruitment and training in order to prepare their youth to “fight the enemy”, a radicalizing medium; the ultimate goal is to become a suicide martyr. One cannot discount the “fun factor” involved—it is important to hold your target audience’s attention– and makes ingesting the message not even noticeable. SF2 features multi-player, online text and voice chat for up to 60 players simultaneously, effectively acting like a VPN or private chat forum. SF2 is offered at $10 a copy and so also goes to fund terrorist operations.

This was admission that we regard such games as legitimate war tools.

I immediately thought of Amir Mirzaei Hekmati, the Iranian-American ex-Marine sentenced to death by the Iranians while visiting relatives in 2011 (that is, well after this NSA document was written in 2008; his death sentence has since been overturned). At the time, public reports described the detention as a big misunderstanding over Hekmati’s role in an online game company, Kuma Wars.

A Pentagon language-training contract won in 2009 by Kuma Games, a New York-based company that develops reality-based war games — including one called “Assault on Iran” — lists as a main contact Amir Mirzaei Hekmati, the former Marine from Flint, Mich., now on death row in an Iranian prison, convicted of spying for the C.I.A.

That $95,920 contract, and Mr. Hekmati’s military background, his Iranian heritage and some linguistics work he did for the Defense Advanced Research Projects Agency, help explain why the authorities in Iran, increasingly paranoid and belligerent about perceived American threats, had him arrested last August while he was visiting Iran for the first time.

[snip]

“They don’t want to say anything that might have negative repercussions,” said Michael Kelly, a spokesman for Mott Community College in Flint, where the father teaches. “Something that appears harmless here could be interpreted differently there.”

Sure enough, however, NSA treats Kuma Wars similar to the way it treated Hezbollah’s war game.

Kuma Wars is a U.S. owned company that offers realistic battle simulation of real battles in Iraq usually one month after they actually happened. The player can re-do maneuvers in a lessons learned way for training, or you can switch sides and see how it works from the opposite side. It also provides real terrain features, such as real road signs from real roads in Iraq, and a simulated night-vision goggles environment.

Meanwhile, the LAT reports the CIA’s NOC program has been a colossal flop.

If the US is going to treat all these platforms as the next battleground in the war against al Qaeda or Iran, we should expect Americans — innocent or not — to be treated as spies in that space.


Former Top NSA Officials Insist Employees Are Leaving Because Obama Is Mean, Not Because They Object To NSA’s Current Activities

Ellen Nakashima has a story that purports to show 1) significant morale problems at the NSA and 2) proof that the morale stems from Obama’s failure to more aggressively support the NSA in the wake of the Edward Snowden revelations.

The story relies in significant part on former NSA IG Joel Brenner and two other former officials who insisted on remaining anonymous because “they still have dealings” with the NSA.

“The agency, from top to bottom, leadership to rank and file, feels that it has had no support from the White House even though it’s been carrying out publicly approved intelligence missions,” said Joel Brenner, NSA inspector general from 2002 to 2006. “They feel they’ve been hung out to dry, and they’re right.”

A former U.S. official — who like several other former officials interviewed for this story requested anonymity because he still has dealings with the agency — said: “The president has multiple constituencies — I get it. But he must agree that the signals intelligence NSA is providing is one of the most important sources of intelligence today.

“So if that’s the case, why isn’t the president taking care of one of the most important elements of the national security apparatus?”

[snip]

A second former official said NSA workers are polishing up their résumés and asking that they be cleared — removing any material linked to classified programs — so they can be sent out to potential employers. He noted that one employee who processes the résumés said, “I’ve never seen so many résumés that people want to have cleared in my life.”

Morale is “bad overall,” a third former official said. “The news — the Snowden disclosures — it questions the integrity of the NSA workforce,” he said. “It’s become very public and very personal. Literally, neighbors are asking people, ‘Why are you spying on Grandma?’ And we aren’t. People are feeling bad, beaten down.”

Does “still have dealings with the agency” mean these people still contract to it, indirectly or directly? If it does, how much of this contracting works through The Chertoff Group, where a slew of former officials seem to have had remarkably consistent interests in spreading this line for months? Nakashima might want to provide more details about this in any future versions of these stories, as it may tell us far more about how much these men are profiting from espousing such views.

After all, while they do provide evidence that NSA employees are leaving, they provide only second-hand evidence — evidence that is probably impossible for any of these figures to gain in depth personally — that the issue pertains to Obama’s response.

And there are at least hints that NSA employees might be leaving for another reason: they don’t want to be a part of programs they’re only now — thanks to compartmentalization — learning about.

We can look to the two letters the NSA has sent to “families” of workers for such hints.

The first, sent in September (page one, page two, h/t Kevin Gosztola), got sent just 3 days after the release of documents showing NSA had been violating just about every rule imposed on the phone dragnet for the first three years it operated (partly, it should be said, because of Joel Brenner’s inadequate oversight at its inception). In the guise of providing more context to NSA employee family members about that and recent disclosures, Keith Alexander and John Inglis wrote,

We want to put the information you are reading and hearing about in the press into context and reassure you that this Agency and its workforce are deserving and appreciative of your support.


Obama: My Overseas Spying Not Constrained by the Law I Passed as Senator

In a democracy in which separation of powers still functioned as intended, this would be a deliberate provocation (my transcription):

The Snowden disclosures have identified areas of legitimate concern. Some of it has also been highly sensationalized and has been painted in a way that’s not accurate. I’ve said before and I will say again: the NSA actually does a very good job about not engaging in domestic surveillance. Not reading people’s emails, not listening to the content of their phone calls. Outside of our borders, the NSA is more aggressive. It’s not constrained by laws. And part of what we’re trying to do over the next month or so is having done an independent review — brought a bunch of folks, civil libertarians, lawyers, and others, to examine what’s being done — I’ll be proposing some self-restraint on the NSA and to initiate some reforms that can give people some more confidence.

Where to start?

First, it is false to say NSA does a very good job of not engaging in domestic surveillance. They’ve been caught doing so, on a programmatic scale, under Obama’s Administration, twice. At least one of those programs simply moved overseas after being caught. The President basically said that being caught twice illegally wiretapping thousands (under the upstream collection) and millions (under the Internet dragnet) of Americans domestically is a good job!

Add in the fact that NSA can read the content of collected US person communications with no Reasonable Articulable Suspicion, with no reporting requirements. That certainly amounts to the authority to conduct fairly unlimited amounts of domestic surveillance via the back door loophole.

And to suggest NSA is “not constrained by laws” overseas is equally false.

First, there’s the Constitution. Under that, even EO 12333 activity should come at the direction of the President. In this passage, the President says Snowden’s disclosures have raised legitimate concerns. I know ODNI and NSA will point to the National Intelligence Priorities Framework as their authorization on these activities the President now finds problematic. But if they’re doing things overseas that raise concerns, then it is an admission from the White House it has inadequate control of the NSA.

More importantly, it is false to say even that NSA is not constrained by mere laws overseas. Section 703 of the FISA Amendments Act — a law which Obama played a crucially important role in passing as a Senator — says NSA can’t wiretap Americans overseas without specific authority from FISC. Section 704 limits physical searches, which NSA uses to authorize collection from servers. As far as I know, no one has considered whether the deliberate collection of US person content overseas — albeit in bulk — complies with Section 703 and 704. But it at least lays out some limits on NSA’s overseas spying.

To all this, Obama’s solution is to propose self-restraint on the NSA.

Again, it is the role of the President — and the White House more generally — to oversee activities conducted under Article II authority. The language Obama uses here suggests an NSA unbound by his control, one he “proposes” to rein in rather than “orders” to do so.

That equates to NSA operating beyond the law, both here and abroad.


Why NSA Can’t Count How Many Americans’ Cell Location They Collect

As bmaz noted, WaPo reported today that NSA has been collecting billions of phone records a day, including cell location information. Once again, when the NSA says it has stopped or doesn’t conduct a practice, it means only it has stopped the practice in the US, even though it still collects US person data overseas.

But the NSA refuses to reveal how many Americans’ data are being swept up.

The number of Americans whose locations are tracked as part of the NSA’s collection of data overseas is impossible to determine from the Snowden documents alone, and senior intelligence officials declined to offer an estimate.

“It’s awkward for us to try to provide any specific numbers,” one intelligence official said in a telephone interview. An NSA spokeswoman who took part in the call cut in to say the agency has no way to calculate such a figure.

An intelligence lawyer, speaking with his agency’s permission, said location data are obtained by methods “tuned to be looking outside the United States,” a formulation he repeated three times. When U.S. cellphone data are collected, he said, the data are not covered by the Fourth Amendment, which protects Americans against unreasonable searches and seizures.

A number of tech people are wondering if there’s some secret technical reason why NSA can’t or won’t estimate the number.

But the reason is almost certainly far more cynical.

In 2010 (sometime between July and October), John Bates told the NSA if they knew they were collecting content of US persons, they were illegally wiretapping them. But if they didn’t know, then they weren’t in violation.

When it is not known, and there is no reason to know, that a piece of information was acquired through electronic surveillance that was not authorized by the Court’s prior orders, the information is not subject to the criminal prohibition in Section 1809(a)(2). Of course, government officials may not avoid the strictures of Section 1809(a)(2) by cultivating a state of deliberate ignorance when reasonable inquiry would likely establish that information was indeed obtained through unauthorized electronic surveillance.

Then in 2011, Bates made them count some of their collection of US person content (he deemed it intentional collection, though they and their Congressional overseers still like to claim, legal opinion notwithstanding, it was not; the use of “tuned to be looking outside the US” is probably more of the same). And using the threat of labeling that US person content, he forced them to purge the information. But they somehow refused to count the larger amount of US person data collected intentionally, and NSA was permitted to keep that.

Presumably, the laws would be different on overseas collection, which would not count as “electronic surveillance.” Except that with Section 703 of FISA — which requires an order for collection on US person content overseas — there may be similar levels of protection, just via different statutes.

One thing the NSA has learned through experience with John Bates and FISC is that if you claim you don’t know you’ve collected US person data, a judge will not declare it legal. But if you admit you’ve collected US person data, then that same judge may threaten you with sanctions or force you to purge your data.

So there’s a very good reason why it’s “awkward” for NSA “to try to provide any specific numbers.” Doing so would probably make the collection illegal.


When Susan Rice Is Right, She’s Right!

From the No Kidding Files, courtesy of Jason Leopold, comes this gem from vaunted National Security Advisor Susan Rice:

“Let’s be honest: at times we do business with govts that do not respect the rights we hold most dear”

Well, hello there Susan, I couldn’t agree more. Especially on days when I see things like this from the Glenn Greenwald and Pierre Omidyar Snowden file monopoly err, Barton Gellman at the Washington Post:

The National Security Agency is gathering nearly 5 billion records a day on the whereabouts of cellphones around the world, according to top-secret documents and interviews with U.S. intelligence officials, enabling the agency to track the movements of individuals — and map their relationships — in ways that would have been previously unimaginable.
….
The number of Americans whose locations are tracked as part of the NSA’s collection of data overseas is impossible to determine from the Snowden documents alone, and senior intelligence officials declined to offer an estimate. “It’s awkward for us to try to provide any specific numbers,” one intelligence official said in a telephone interview. An NSA spokeswoman who took part in the call cut in to say the agency has no way to calculate such a figure.

It is thoroughly loathsome that Americans must do business with a government that does this, and insane that it is their own government.

It is “awkward” to determine how many innocent Americans are rolled up in the latest out of control security state dragnet the United States government is running globally. Actually, that is not awkward, it is damning and telling. Therefore the American citizenry must not know, at any cost.

Susan Rice is quite right, we are forced to “do business” with a government that does “not respect the rights we hold most dear.”

[Here is the full text of the Susan Rice speech today that the above quote was taken from. It is a great speech, or would be if the morals of the United States under Barack Obama matched the lofty rhetoric]


Scary Terror Metrics: Do Indicted “Terrorists” Really Measure Back Door Spying?


Given how often fellow Michigander Juan Cole and I demonstrate what a mendacious hack Mike Rogers is…

Mike Rogers voted to give arms to the Syrian rebels. And while he may hope they don’t go to the al-Qaeda affiliates (as happened when Ronald Reagan gave $5 billion to the Afghan Mujahidin in the 1980s), he has no guarantee that won’t happen and is willing to take the risk. If Rogers were really, really concerned about the Jabhat al-Nusra, he wouldn’t be risking upping its firepower with Americans’ tax dollars as a justification for monitoring who your 15 year old daughter calls on her cell phone.

Let us say that again. Feinstein and Rogers just came on television to scaremonger the American people with the Syrian jihadis, and both of them voted to give the Syrian rebels millions of dollars in arms.

… You’d think some of the MI press might look into it.

Thankfully, Cole and I are no longer the only ones asking substantive questions about Rogers and Dianne Feinstein’s fearmongering on this Sunday’s shows. Peter Bergen has a piece that — like Cole — looks at actual numbers to challenge their claims. He relies on a New America Foundation study of Americans and residents indicted or killed over the last decade, showing that those numbers show terrorism to be going down (and be propagated by smaller, less capable groups).

But is there any real reason to think that Americans are no safer than was the case a couple of years back? Not according to a study by the New America Foundation of every militant indicted in the United States who is affiliated with al Qaeda or with a like-minded group or is motivated by al Qaeda’s ideology.

In fact, the total number of such indicted extremists has declined substantially from 33 in 2010 to nine in 2013. And the number of individuals indicted for plotting attacks within the United States, as opposed to being indicted for traveling to join a terrorist group overseas or for sending money to a foreign terrorist group, also declined from 12 in 2011 to only three in 2013.

Of course, a declining number of indictments doesn’t mean that the militant threat has disappeared. One of the militants indicted in 2013 was Dzhokhar Tsarnaev, who is one of the brothers alleged to be responsible for the Boston Marathon bombings in April. But a sharply declining number of indictments does suggest that fewer and fewer militants are targeting the United States.

Recent attack plots in the United States also do not show signs of direction from foreign terrorist organizations such as al Qaeda, but instead are conducted by individuals who are influenced by the ideology of violent jihad, usually because of what they read or watch on the Internet.

None of the 21 homegrown extremists known to have been involved in plots against the United States between 2011 and 2013 received training abroad from a terrorist organization — the kind of training that can turn an angry, young man into a deadly, well-trained, angry, young man.

Of these extremists, only Tamerlan Tsarnaev, one of the alleged Boston bombers, is known to have had any contact with militants overseas, but it is unclear to what extent, if any, these contacts played in the Boston Marathon bombings. [my emphasis]

The post got me thinking about the validity of this metric. Is the number of people indicted since 2009 a reflection of the actual threat, or a sign that Federal officials have exhausted all the leads they’ve gotten from backdoor searches of existing COMINT collections?

Consider what one anonymous source said in the months after Anwar al-Awlaki was killed.

U.S. intelligence analysts miss the publication, too, at least to the extent that it provided a window into the thinking of al-Qaeda in the Arabian Peninsula, as the Yemen-based group is known.

“It was something that helped us gain insight into the group,” said a U.S. defense official involved in tracking AQAP, who spoke on the condition of anonymity. The publication’s apparent demise is “an intelligence loss for us,” the official said.

Yet Inspire probably wasn’t just a window onto AQAP’s thinking (if it really was that). Particularly given the indications NSA had some access to its code (if I were NSA I would have attached some kind of flag to the code used to decrypt the document, and I would also search on that code in upstream collection), I would assume Inspire was a major source of leads. So did killing Awlaki and Samir Khan simply make it harder for US officials to find Muslims to trap in stings over time?

NAF’s data is inconclusive on this point.


Federated Queries and EO 12333 FISC Workaround

Particularly given the evidence NSA started expanding its dragnet collection overseas as soon as the FISA Court discovered it had been breaking the law for years, I’ve been focusing closely on the relationship between the FISA Court-authorized dragnets (which NSA calls BR FISA — Business Records FISA — and PR/TT — Pen Register/Trap and Trace — after the authorities used to collect the data) and those authorized under Executive Order 12333.

This document — Module 4 of a training program storyboard that dates to late 2011 — provides some insight into how NSA trained its analysts to use international collections to be able to share data otherwise restricted by FISC.

The module lays out who has access to what data, then describes how analysts look up both the Reasonable Articulable Suspicion (RAS) determinations of identifiers they want to query on, as well as the BR and PR/TT credentials of those they might share query results with. It also describes how “EAR” prevents an analyst from querying BR or PR/TT data with any non-RAS approved identifier. So a chunk of the module shows how software checks should help to ensure the US-collected data is treated according to the controls imposed by FISC.

But the module also describes how a software interface (almost certainly MARINA, the metadata database) manages all the metadata collected from all over the world.

All of it, in one database.

So if you do what’s called a “federated” query with full BR and/or PR/TT credentials — meaning it searches on all collections the analyst has credentials for, with BR and PR/TT being the most restrictive — you may pull metadata collected via a range of different programs. Alternately, you can choose just to search some of the collections.

When launching analysts with [redacted] the appropriate BR or PR/TT credentials have the option to check a box if they wish to include BR or PR/TT metadata in their queries. If an analyst checks the “FISABR Mode” or “PENREGISTRY Mode” box when logging into [redacted] will perform a federated query. This means that in addition to either BR or PR/TT metadata, [redacted] will also query data collected under additional collection authorities, depending on the analyst’s credentials. Therefore, when performing a query of the BR or PR/TT metadata, analysts will potentially receive results from all of the above collection sources. Users of more recent versions of [redacted] do have the option, however, to “unfederate” the query, and pick and choose amongst the collection sources that they would like to query (10)

Back in 2009, when NSA was still working through disclosures of dragnet problems to FISC, analysts apparently had to guess where the data they were querying came from (which of course is an implicit admission that BR data had been improperly treated with weaker EO 12333 protections for years). But by 2011 they had worked it out so queries showed both what SIGAD (collection point) the metadata came from, as well as (using a classification mark) its highest classification.

It is possible to determine the collection source or sources of each result within the chain by examining the Producer Designator Digraph (PDDG)/SIGINT Activity Designator (SIGAD) and collection source(s) at the end of the line.

If at least one source of a result is BR or PR/TT metadata, the classification at the beginning of the line will contain the phrases FISABR or PR/TT, respectively. In addition, in the source information at the end of the line, the SIGAD [redacted] BR data can be recognized by SIGADs beginning with [redacted] For PR/TT, data collected after October 2010 is found [redacted] For a comprehensive listing of all the BR and PR/TT SIGADs as well as information on PR/TT data collected prior to November of 2009, contact your organization’s management or subject matter expert.

Since it is possible that one communication event will be collected under multiple collection authorities (and multiple collection sources), not all of the results will be unique to one collection authority (or collection source). Keep in mind that the classification at the beginning of each result only indicates the highest level classification of that result, and does not necessarily reflect whether a result was unique to one collection authority (or collection source). If a result was obtained under multiple authorities (or sources), you will see more [redacted] (15-16)

In other words, analysts will be able to see from their results where the results come from. If a query result includes data only from BR or PR/TT sources, then the analyst can’t share the result with anyone not cleared into those programs without jumping through some hoops. But if a query result showed other means to come up with the same results from a BR or PR/TT search (that is, if EO 12333 data would return the same result), then the result would not be considered a BR- or PR/TT-unique result, meaning the result could be shared far more widely. (Note, this passage also provides more details about the timing of the Internet metadata shutdown, suggesting it may have lasted from November 2009 to October 2010.)

Sharing restrictions in the FISC Orders only apply to unique BR or PR/TT query results. If query results are derived from multiple sources and are not unique to BR and PR/TT alone, the rules governing the other collection authority would apply. (17)

After noting this, the training storyboard spends 5 pages describing the restrictions on dissemination or further data analysis of BR and PR/TT results, even summaries of those results.

Then it returns to the point that such restrictions only hold for BR- or PR/TT-unique results and encourages analysts to run queries under EO 12333 so as to be able to get a result that can be shared and further exploited.

However, as we’ve discussed, not all BR or PR/TT results are unique. If a query result indicates it was derived from another collection source in addition to BR or PR/TT, the rules governing the other collection authority would apply to the handling and sharing of that query result. For example, this result came from both BR and E.O. 12333 collection; therefore, because it is not unique to BR information, it would be ok to inform non-BR cleared individuals of the fact of this communication, as well as task, query, and report this information according to standard E.O. 12333 guidelines.

In summary, if a query result has multiple collection authorities, analysts should source and/or report the non-BR or PR/TT version of that query result according to the rules governing the other authority. But if it is unique to either the BR or PR/TT authority then it is a unique query result with all of the applicable BR and PR/TT restrictions placed on it. In both cases, however, analysts should not share the actual chain containing BR or PR/TT results with analysts who do not have the credentials to receive or view BR or PR/TT information. In such an instance, if it is necessary to share the chain, analysts should re-run the query in the non-BR or non-PR/TT areas of [redacted] and share that .cml. (22)

Let me be clear: none of this appears to be illegal (except insofar as it involves a recognition it is collecting US person data overseas, which may raise issues under a number of statutes). It’s just a kluge designed to use the US-based dragnet programs to pinpoint results, then use EO 12333 results to disseminate widely.

It does, obviously, raise big questions about whether the numbers reported to Congress on dragnet searches reflect the real number of searches and/or results, which will get more pressing if new information sharing laws get passed.

Mostly, though, it shows how NSA uses overseas collection to collect the same data on Americans without the restrictions on sharing it.

There are a lot of likely reasons to explain why the NSA stopped collecting Internet metadata in the US in 2011 (seemingly weeks after this version of the storyboard, though they would still be able to access the PR/TT metadata for 5 years [Update 11/20/14: they destroyed the PRTT data in December 2011]). But it is clear the overseas collection serves, in part, to get around FISC restrictions on dissemination and further analysis.

Updated: Added explanation for BR FISA and PR/TT abbreviations.


Home Affairs Committee MPs Worry about Minimization Procedures — of Newspaper, not Spy Service

I just finished watching Guardian editor Alan Rusbridger’s testimony before the House of Commons Home Affairs Committee, which the Guardian live-blogged here. My overall impression is that, whatever else has happened to America’s former colonial overlords, Brits still maintain the ability to be utter blowhards while maintaining a facade of politeness far better than, say, our blowhards on the House Intelligence Committee.

Those who really wanted to attack Rusbridger and the Guardian, though, appear to have no sense of irony.

They latched not primarily onto the Guardian’s publication of news about the NSA-GCHQ dragnet, which several MPs agreed showed the spy services had too few limits. Rather, MPs like Keith Vaz and Mark Reckless suggested Rusbridger had broken the law by sending 50,000 files to the NYT without first redacting the names of GCHQ’s spies. From the Guardian liveblog:

Has he communicated information contrary to the Terrorism Act?

Rusbridger says the government has known for many months that the material Snowden leaked included names of security people at the NSA and GCHQ and he told the cabinet secretary in July that the Guardian was sharing with the NYT. Self-evidently they work in New York. Rusbridger holds up the book Spycatcher by Peter Wright, a former MI5 agent, and recalls the ridiculous sight of the UK trying to stop publication of something being published elsewhere in the world. That was the point of giving the files to the NYT – to avoid a similar situation.

You have I think admitted a criminal offence there, Reckless says. Should Rusbridger be prosecuted?

Admittedly, this was mostly an attempt to intimidate Rusbridger (and he said as much).

But it was also a query about whether the Guardian used adequate minimization procedures before sharing bulk data collected in the course of reporting.

To one question, Rusbridger admitted he hadn’t gone through all 50,000 documents before handing them to the NYT, but he knew the NYT would also protect the names of any spies.

He effectively was taking precisely the same stance on minimization that GCHQ and NSA adopt with their bulk collection. The services share unminimized bulk collected data back and forth with each other. They agree (though sometimes let each other ignore that agreement) to minimize the data of British or US subjects before using that data in finished intelligence reports, the equivalent of a newspaper’s publication.

Pass on the data in bulk, with the understanding none of it will be published with the legally protected identities unmasked (unless needed to understand the intelligence, the spy services allow). That is the practice used by both the Guardian with NYT and GCHQ with NSA.

Spy overseers have repeatedly pointed to minimization procedures as an adequate protection for the privacy of their citizens, to hide information unless it was necessary. Usually, they ignore the danger of having those identities tied to the data in secret archives somewhere.

But at least MPs Vaz and Reckless admit, without meaning to do so, that such minimization procedures might not adequately protect sensitive identities.

But as Rusbridger quipped (and has quipped, elsewhere), the only one who is known to have lost control of data here was the NSA, not the newspapers.


Stealing US Person Data Overseas: A Fox Source and Method

Catherine Herridge, one of Fox’s national security journalists, is usually fairly credible.

But yesterday, she gave House Intelligence Chair Mike Rogers an opportunity to claim evidence suggested Edward Snowden had help — without providing any evidence.

The evidence surrounding the case of former NSA contractor Edward Snowden suggests he did not act alone when he downloaded some 200,000 documents, according to the Republican head of the House Intelligence Committee.

“We know he did some things capability-wise that was beyond his capabilities. Which means he used someone else’s help to try and steal things from the United States, the people of the United States. Classified information, information we use to keep America safe,” Rep. Mike Rogers, R-Mich., told Fox News. [my emphasis]

To Herridge’s credit, she balances Rogers’ evidence-free claim with Glenn Greenwald’s statement noting that Rogers and others keep making such claims but have never provided any evidence.

That’s when things go south quickly. Herridge claims that a review of the Snowden leaks “shows the majority of the leaks since June now deal with sources, methods and surveillance overseas.”

A review of the NSA leaks by Fox News shows the majority of the leaks since June now deal with sources, methods and surveillance activities overseas, rather than the privacy rights of American citizens.

Now, perhaps she conducted a strict count, including every report on the extensiveness of NSA spying on various countries, to come up with this assertion.

But I find it bizarre that, less than a week after the report that NSA has been spying on the smut habits of 6 non-terrorists, including one US person, she deems this spying not to infringe on the privacy rights of American citizens (though we admittedly don’t know whether the US person is a permanent resident or a citizen).

More importantly, Herridge seems to dismiss the bulk of the recent reports — on deeply concerning dragnets overseas that don’t discriminate on US person data — because they happen overseas.

Now perhaps it’s because she’s doing a flyby on this reporting, and is unfamiliar with the evidence that that collection went overseas at precisely the time similar collection was deemed illegal within the US. Perhaps she’s not considering what it means that NSA steals from Google and Yahoo’s cables overseas in addition to the legally sanctioned spying they’re doing via PRISM. Perhaps she hasn’t reflected on the fact that, when NSA spies on US persons overseas, they get far less protection under EO 12333, no FISC oversight, and almost no Congressional oversight, than they would under FISA Amendments Act.

Perhaps she hasn’t thought through all the ways that this overseas spying may be a far bigger privacy violation than the spying it does in the US, not to mention evidence of NSA’s ongoing refusal to abide by the laws protecting Internet content.

And all that’s before you consider the secondary disclosures — such as the RAS-free searches of Americans’ data via back door searches — that we’re getting because of earlier Snowden leaks.

So perhaps there is a way to count all this up and dismiss worries about US privacy. But real reporting on it says recent leaks provide more cause for concern than most of the early ones.

 
