Anonymous Aide Pushback Strengthens Case that DiFi Bill Supports Backdoor Searches

/12 Comments/in /by

Ellen Nakashima wrote a truly remarkable article on the DiFi Fake FISA Fix, in which she quotes the following critics of the bill:

Sen. Ron Wyden (D-Ore.)

Elizabeth Goitein, co-director of the Brennan Center for Justice’s Liberty and National Security Program

Julian Sanchez, a research fellow at the CATO Institute

And quotes the following defenders of the bill and/or surveillance:

Committee Chairman Dianne Feinstein (D-Calif.)

Committee staff, including a committee aide, who was not permitted to speak on the record

Several former senior Justice Department officials, who were not permitted by their current employers to speak on the record

DiFi’s sole on the record comment, by the way, was stating that she would do “everything I can” to preserve the phone dragnet.

And in this article in which surveillance defenders hide behind anonymity, SSCI aides make the following case about the backdoor search “protections” in DiFi’s Fake FISA Fix (concerns about which I raised here).

Wyden and privacy advocates are also concerned that the bill would place in statute authority for NSA to search without a warrant for Americans’ e-mail and phone call content collected under a separate FISA surveillance program intended to target foreigners overseas. That is what Wyden has called a “back-door search loophole.”

Aides note the bill restricts the queries to those meant to obtain foreign intelligence information. They say that there have been only a “small number” of queries each year. Such searches are useful, for instance, if a tip arises that a terrorist group is plotting to kill or kidnap an American, officials have said. [my emphasis]

Take a look at the language pertaining to this issue in the past. Last year’s FAA conference report from the very same Committee described the issue as, “querying information collected under Section 702 to find communications of a particular United States person.” And when Ron Wyden and Mark Udall busted Keith Alexander for making false claims, they suggested the issue was about “allow[ing] the NSA to deliberately search for the records of particular Americans.” And when John Bates approved the NSA and CIA’s use of the practice in 2011, he described it as “query[ing] the vast majority of its Section 702 collection using United States-Person identifiers.” That’s almost precisely the way the Administration referred to it in its Compliance Report this year: “querying of unminimized Section 702-acquired communications using United States person identifiers” (see page 7).

That is, in every reference to this practice I can think of, nothing suggests the practice is limited to searching for US person identifiers in the content of communications. Indeed, the report from this very same committee last year made it clear the practice pertained to searching for the communications written by Americans, not those written about them. And the easiest way to find communications written by Americans is to search on US person identifiers in the metadata of communications.

But the bill specifically excludes searching for US person identifiers in the metadata of communications from its protections. That is, in addition to not prohibiting the searching of US person identifiers to protect life, body, and probably property, and for law enforcement purposes, the bill specifically leaves unrestricted looking up someone’s email or phone number to pull up all their communications from the collection of Section 702-acquired data.

And in their discussion of what the bill protects, these anonymous aide bill defenders describe its use to find people talking about Americans — the kidnapped American whose abductors refer to him by his IP address or phone number in their email. They appear to refer to searching for US person identifiers in the content of communications (which is all the bill protects anyway), not in its metadata. Communications about Americans, not by them. Which is not how all the previous descriptions of this practice describe it.

But the dead giveaway, the tell that this is a big scam to provide the appearance of limits while at the same time enshrining and possibly expanding the warrantless searching of “incidentally” collected US person content, is where the aides say this:

“There have only been a ‘small number’ of queries each year.”

Hahahaha! Have you missed the number of times NSA has said it would be impossible for them to count the number of Americans whose data has been searched in such a way?! NSA has spent well over a year making that claim, and DiFi has shielded that claim every step of the way.

So when DiFi’s anonymous aides make the claim that the queries protected by the law have only been used a few times a year — indeed, when they make the claim they can be and have been counted at all — they make it crystal clear the protections in the law do not pertain to the vast majority of the searches on US person data that has been collected “incidentally” under Section 702 which — the NSA assures us — cannot be counted.

What DiFi and her aides — by their own anonymous and perhaps inadvertent admission — plan to protect is a tiny fraction of the searches on US person data collected under Section 702, the countable fraction of the practice that NSA can’t or won’t count without incurring resource problems.

OK. Thanks anonymous DiFi aides. I wasn’t sure we had cause to worry. But now you’ve made it crystal clear what is going on.

Share this entry

Drowning in Haystacks

/17 Comments/in /by

The NYT and Guardian have similar stories out today describing the sheer breadth of NSA’s spying. The Guardian describes how NSA gleefully embraced change because it presented more opportunities for SIGINT collection.

n one of the leaked ‘State of the Enterprise’ documents from 2007, an NSA staff member says: “The constant change in the world provides fertile ground for discovering new targets, technologies and networks that enable production of Sigint.”

The official happily embraces this: “It’s becoming a cliché that a permanent state of change is the new standard. It is the world we live in – navigating through continuous whitewater.”

It’s an environment in which the NSA thrives, the official says. And adds: “Lucky for us.”

And both present the plight of someone analyzing Lashkar-e-Taiba who couldn’t read the intelligence because it was all Farsi and Arabic.

One N.S.A. officer on the Lashkar-e-Taiba beat let slip that some of his eavesdropping turned out to be largely pointless, perhaps because of the agency’s chronic shortage of skilled linguists. He “ran some queries” to read intercepted communications of certain Lashkar-e-Taiba members, he wrote in the wiki, but added: “Most of it is in Arabic or Farsi, so I can’t make much of it.”

Both, too, present how detailed our intelligence from Afghanistan has been — though the NYT noted, it doesn’t seem to have brought us success.

We are collecting enormous amounts of data, but it’s not clear what good it’s doing us.

Meanwhile, remember this. The intelligence community keeps missing Congress’ mandated deadlines to install insider detection software — including in the Hawaii location from which Snowden took his files. Given Snowden’s success, it’s safe to assume paid assets of foreign governments have gotten some of it as well. The reason we’re not protecting all this intelligence is because we don’t have the bandwidth to run the software.

Collecting all this data — particularly if we can’t even analyze much of it — has costs. One cost is in the tradeoff we’ve made in keeping it secure.

Our haystacks our drowning us.

Share this entry

DiFi’s Fake FISA Fix: The Roamer Pre-Emergency Exigent Excuse To Be Used on Internet Content

/6 Comments/in /by

There’s one more aspect of Dianne Feinstein’s Fake FISA Fix bill that doesn’t make any sense: it’s proposed solution to the “roamer problem.”

Roamers are, at least as the NSA’s internal review explains them, when a foreign target with a GSM device (I think Keith Alexander has used the word “phone” when he describes this) — who may be targeted under either FISA Amendments Act or EO 12333 — travels into the US and NSA keeps tracking him, resulting in a violation because it means the NSA is wiretapping someone in the US without a warrant.

My sense is the NSA had tracked but never really cared about this GSM problem before Barton Gellman released an internal compliance report dating to May 2012 that revealed them. The NSA claimed to itself the problem was “largely unpreventable” (though it did commit to more research to understand it).

But now that it has been revealed as part of an eye-popping number of violations in 2011-12, NSA has proposed to fix it this way.

(f)(1) Notwithstanding any other provision of this Act, acquisition of foreign intelligence information by targeting a non-United States person reasonably believed to be located outside the United States that was lawfully initiated by an element of the intelligence community may continue for a transitional period not to exceed 72 hours from the time when it is recognized that the non-United States person is reasonably believed to be located inside the United States and that the acquisition is subject to this title or title III of this Act, provided that the head of the element determines that there exists an exigent circumstance and—

Read more

Share this entry

DiFi’s Fake FISA Fix Appears to Further Extend Searches on US Persons Under Section 702

/4 Comments/in /by

There’s a section of DiFi’s FakeFISAFix bill, called “Restrictions on the Querying of the Contents of Certain Communications,” that purports to put new limits on the searches of data collected under Section 702 for US person information.

(m) QUERIES.—

(1) LIMITATION ON QUERY TERMS THAT IDENTIFY A UNITED STATES PERSON.—A query of the contents of communications acquired under this section with a selector known to be used by a United States person may be conducted by personnel of elements of the Intelligence Community only if the purpose of the query is to obtain foreign intelligence information or information necessary to understand foreign intelligence information or to assess its importance.

(2) RECORD.—

(A) IN GENERAL.—For any query performed pursuant to paragraph (1) a record shall be retained of the identity of the Government personnel who performed the query, the date and time of the query, and the information indicating that the purpose of the query was to obtain foreign intelligence information or information necessary to understand foreign intelligence information or to assess its importance.

While the additional record-keeping is a significant improvement (remember, the IC has been saying they can’t even count this), I think, as it does with Section 215 searches, the language of the bill may actually expand the searches for US person content in information collected under Section 702.

As a threshold matter, the language restricting certain searches to foreign intelligence purposes only codifies the status quo. The language John Bates approved in 2011 (see page 23 and following) when he gave NSA and CIA this authority (FBI apparently already had it) limited such searches to those “reasonably likely to yield foreign intelligence information.”

In addition, this provision permits such searches for the IC in general. As far as we know for sure, only NSA, CIA, and FBI have this authority (though NCTC have recently gotten their own FISA minimization procedures which might allow them). But this language would seem to permit other agencies within the IC — say, DEA — to query 702 data for US person information as well.

Moreover, the section specifically excludes dialing, routing, and addressing information from this.

(B) CONTENT.—The term ‘content’, with respect to a communication—

(i) means any information concerning the substance, purport, or meaning of that communication; and

(ii) does not include any dialing, routing, addressing, or signaling information

While leaving this stuff out of the definition of content makes sense under the law, this would have the effect of permitting searches on Section 702 data to see if US persons were in there (to see whether a US person was in contact with the target, for example), by searching on the selector as metadata rather than content. Such searches wouldn’t require the same documentation, nor would they bear the intelligence purpose limitation (though I think Bates’ ruling would still limit that).

In other words, thus far, this section seems to create the illusion of oversight for such searches, but oversight that only covers one kind of search on US person data. Read more

Share this entry

It Was Verizon, with the Fiber Cable, Under the Atlantic

/12 Comments/in /by

Egads. Nate is right. The SZ report is old — from August. Folks were chatting about it, I think, in conjunction with the new attention on the 12333 collection overseas, which is why I pointed to it. Thanks for pointing it out.

Remember when former Verizon COO John Stratton accused the Internet companies of “grandstanding” for objecting to having their data stolen?

In a media briefing in Tokyo, Stratton, the former chief operating officer of Verizon Wireless, said the company is “compelled” to abide by the law in each country that it operates in, and accused companies such as Microsoft, Google, and Yahoo of playing up to their customers’ indignation at the information contained in the continuing Snowden leak saga.

Stratton said that he appreciated that “consumer-centric IT firms” such as Yahoo, Google, Microsoft needed to “grandstand a bit, and wave their arms and protest loudly so as not to offend the sensibility of their customers.”

“This is a more important issue than that which is generated in a press release. This is a matter of national security.”

Stratton said the larger issue that failed to be addressed in the actions of the companies is of keeping security and liberty in balance.

“There is another question that needs to be kept in the balance, which is a question of civil liberty and the rights of the individual citizen in the context of that broader set of protections that the government seeks to create in its society.”

Grandstand this, baby:

On Friday Germany’s Süddeutsche newspaper published the most highly sensitive aspect of this operation – the names of the commercial companies working secretly with GCHQ, and giving the agency access to their customers’ private communications. The paper said it had seen a copy of an internal GCHQ powerpoint presentation from 2009 discussing Tempora.

The document identified for the first time which telecoms companies are working with GCHQ’s “special source” team. It gives top secret codenames for each firm, with BT (“Remedy”), Verizon Business (“Dacron”), and Vodafone Cable (“Gerontic”). The other firms include Global Crossing (“Pinnage”), Level 3 (“Little”), Viatel (“Vitreous”) and Interoute (“Streetcar”). The companies refused to comment on any specifics relating to Tempora, but several noted they were obliged to comply with UK and EU law.

Not that we didn’t already know this. Mostly, I’m just surprised AT&T is not included in this list.

Share this entry

Dianne Feinstein Opens the Tech Back Door to the Dragnet Database Even Wider

/2 Comments/in , /by

I’ve been writing for months about the great big loophole providing access to the phone dragnet database.

Basically, the NSA needs someone to massage the dragnet data before analysts do queries on it, to take out high frequency call numbers (telemarketers and pizza joints), and probably to take out certain protected numbers, like those of Members of Congress. (Note, that the NSA has to do this demonstrates not only that all their haystack claims are false, but also leaves the possibility they’ll remove numbers that actually do have intelligence value.)

The problem of course, is that this means there is routine access to the database of all phone-based relationships in the United States that does not undergo normal oversight. We know this is a problem because we know NSA has found big chunks of this data in places where it doesn’t belong, as it discovered on February 16, 2012 when it found over 3,000 call records that had been stashed and kept longer than the 5 years permitted by the FISA Court.

As of 16 February 2012, NSA determined that approximately 3,032 files containing call detail records potentially collected pursuant to prior BR Orders were retained on a server and been collected more than five years ago in violation of the 5-year retention period established for BR collection. Specifically, these files were retained on a server used by technical personnel working with the Business Records metadata to maintain documentation of provider feed data formats and performed background analysis to document why certain contact chaining rules were created. In addition to the BR work, this server also contains information related to the STELLARWIND program and files which do not appear to be related to either of these programs. NSA bases its determination that these files may be in violation of BR 11-191 because of the type of information contained in the files (i.e., call detail records), the access to the server by technical personnel who worked with the BR metadata, and the listed “creation date” for the files. It is possible that these files contain STELLARWIND data, despite the creation date. The STELLARWIND data could have been copied to this server, and that process could have changed the creation date to a timeframe that appears to indicate that they may contain BR metadata.

The bill the Intelligence Committee passed out of committee yesterday not only codifies this practice, but exempts this practice from the explicit limits placed on other uses of this database.

Here’s how it describes this access.

(D) LIMITED ACCESS TO DATA.—Access to information retained in accordance with the procedures described in subparagraph (C) shall be prohibited, except for access—

[snip]

(iii) as may be necessary for technical assurance, data management or compliance purposes, or for the purpose of narrowing the results of queries, in which case no information produced pursuant to the order may be accessed, used, or disclosed for any other purpose, unless the information is responsive to a query authorized under paragraph (3).

Note, I’ve never seen this access described in a way that would include “narrowing the results of queries” before. I’m actually very curious why a tech would need to directly access the database, presumably after a query has already been run, to narrow it. Isn’t that contrary to the entire haystack theory?

In any case, the rest of the bill relevant to the phone dragnet effectively exempts this access from almost all of the oversight it codifies.

The requirement for a written record of the Reasonable Articulable Suspicion and identity of the person making the query does not apply (see 2 A and B). Since no record is made, the FISA Court doesn’t review these queries (6A) and these queries don’t get included in the public reporting (b)(3)(C)(i). I don’t see where the bill requires any record-keeping of this access.

The requirement that the data be kept secure specifically doesn’t apply.

SECURITY PROCEDURES FOR ACQUIRED DATA.—Information acquired pursuant to such an order (other than information properly returned in response to a query under subparagraph (D)(iii)) shall be retained by the Government in accordance with security procedures approved by the court in a manner designed to ensure that only authorized personnel will have access to the information in the manner prescribed by this section and the court’s order. [my emphasis]

And the requirement that personnel accessing the database for these purposes (4) be limited and specially trained doesn’t apply.

A court order issued pursuant to an application made under subsection (a), and subject to the requirements of this subsection, shall impose strict, reasonable limits, consistent with operational needs, on the number of Government personnel authorized to make a determination or perform a query pursuant to paragraph (1)(D)(i).

The only limit that appears to apply to the queries from this data management access of the database is the 5 year destruction.

Now, I think the FISA Court made tentative bids to limit some of the activities in 2009. But this language seems to undermine some of the controls the Court has placed on this access (including audits).

In short, in a purported bid to raise confidence about the NSA creating a database of every phone-based relationship in the United States, the Intelligence Committee has actually codified a loosening of access to the database outside the central purpose of it. It permits a range of people to access the database for vaguely defined purposes, it permits them to move that data onto less secure areas of the network, and it doesn’t appear to require record-keeping of the practice.

But what could go wrong with permitting tech personnel — people like Edward Snowden — access to data with less oversight than that imposed on analysts?

Update: Added the language from the 2012 violation to show how clueless the NSA was about finding this data just lying around and its inability to determine where it came from.

Share this entry

Feinstein’s Fake Fix May Expand Use of the Phone Dragnet

/7 Comments/in , /by

Dianne Feinstein and 10 other Senate Intelligence Committee members approved a bill yesterday that purports to improve the dragnet but actually does almost nothing besides writing down the rules the FISA Court already imposed on the practice.

I’ll have far more on DiFi’s Fake Fix later, but for now, I want to point to language that could dramatically expand use of the phone dragnet database, at least as they’ve portrayed its use.

Here’s how, in June, DiFi described the terms on which NSA could access the dragnet database.

It can only look at that data after a showing that there is a reasonable, articulable that a specific individual is involved in terrorism, actually related to al Qaeda or Iran. At that point, the database can be searched. [my emphasis]

Here are the terms on which her Fake Fix permits access to the database.

there was a reasonable articulable suspicion that the selector was associated with international terrorism or activities in preparation therefor. [my emphasis]

The bill passed yesterday does not require any tie to al Qaeda (or Iran!). An association with al Qaeda (and Iran!) is one possible standard for accessing the database. But it also permits use of the data if someone is “associated with activities in preparation” for international terrorism.

Does that include selling drugs to make money to engage in “terrorism”? Does that include taking pictures of landmark buildings? Does that include accessing a computer in a funny way?

All of those things might be deemed “activities in preparation” for terrorism. And this bill, as written, appears to permit the government to access the database of all the phone-based relationships in the US based not on any known association with al Qaeda (and Iran!), but instead activities that might indicate preparation for terrorism but might also indicate mild nefarious activity or even tourism crossing international borders.

Share this entry

What’s the Relationship Database About?

/23 Comments/in , /by

Atrios asks what the whole dragnet is about.

It’s actually a serious question. Maybe it’s just a full employment program for spooks. Maybe they just do it because they can. But the only “real” point to such an extensive surveillance system is to abuse that surveillance (the surveillance itself is already an abuse of course).

At best it’s a colossal fucking waste of money. At worst?

I actually think there are understandable answers for much of this.

Since Michael Hayden took over the NSA, contractors have assumed an increasingly dominant role in the agency, meaning you’ve got a former DIRNSA at Booz Allen Hamilton pitching future Booz VPs on solutions to keep the country safe that just happen to make them fabulously profitable and don’t happen to foreground privacy. As Thomas Drake showed, we’re pursuing the biggest and most privacy invasive solutions because contractors are embedded with the agency.

I think there’s the One Percent approach we got from Dick Cheney, that endorses maximal solutions to hunt terrorists even while avoiding any real accountability (both for past failures and to review efficacy) because of secrecy. We’re slowly beginning to wean ourselves from this Cheney hangover, but it is taking time (and boosters for his approach are well-funded and publicized).

And, at the same time, criminals and other countries have attacked our weak network security underbelly, targeting the companies that have the most political sway, DOD contractors and, increasingly, financial companies, which is setting off panic that is somewhat divorced from the average American’s security. The accountability for cybersecurity is measured in entirely different ways than it is for terrorism (otherwise Keith Alexander, who claims the country is being plundered like a colony, would have been fired years ago). In particular, there is no punishment or even assessment of past rash decisions like StuxNet. But here, as with terrorism, the notion of cost-benefit assessment doesn’t exist. And this panicked effort to prevent attacks even while clinging to offensive cyberweapons increasingly drives the overaggressive collection, even though no one wants to admit that.

Meanwhile, I think we grab everything we can overseas out of hubris we got while we were the uncontested world power, and only accelerated now that we’re losing that uncontested position. If we’re going to sustain power through coercion — and we developed a nasty habit of doing so, especially under Bush — then we need to know enough to coerce successfully. So we collect. Everything. Even if doing so makes us stupider and more reliant on coercion.

So I can explain a lot of it without resorting to bad faith, even while much of that explanation underscores just how counterproductive it all is.

But then there’s the phone dragnet, the database recording all US phone-based relationships in the US for the last 5 years. Read more

Share this entry

What Are NSA’s Standards for Surveilling Transnational Crime Organizations?

/13 Comments/in , /by

Yesterday, the Italian magazine Panorama claimed that the NSA had wiretapped the Vatican.

I have some questions about the veracity of the report. NSA has denied it more vigorously than other allegations of tapping world leaders. Panorama is not known to have access to the Edward Snowden documents. One key claim — that the current Pope, Jorge Mario Bergoglio, has been surveilled since 2005 — was actually sourced to WikiLeaks in the story (In addition to cables on Argentine politics, Bergoglio shows up in a 2003 cable speculating on the possibility of a Latin American Pope).

All that said, I am intrigued by this claim.

Panorama said the recorded Vatican phone calls were catalogued by the NSA in four categories – leadership intentions, threats to the financial system, foreign policy objectives and human rights.

I did a quick review of WikiLeaks cables on the Vatican (remember, these are classified at no more than the Secret level, and therefore are not going to have any intercept information in them, and they of course stop at 2010). The human rights issues pertain to interfaith dialogue and the rights of Catholics in repressive countries, the Church’s role in anti-gay laws, and allegations of anti-Semitism (this cable, on the Church prioritizing unity and thereby endorsing Holocaust denial, is one of the few Secret ones). There are fewer that relate directly to the Church’s role in the financial system; though a good many cables with “financial” content relate to Syria or, especially, Lebanon, and include the Vatican because of its influence with Christian power brokers in the region (this cable, on Syrian money laundering, was forwarded to the Vatican mission for some reason).

But there two other reasons why the Vatican might be an NSA target based on those topics: its multi-decade cover-up of pedophilia (and the impact legal investigations and settlements might have around the world), and the Vatican’s role in money laundering. The recent disclosures of Vatican money laundering suggest Iraq, Iran, and Indonesia have used the bank, as well as the Italian mafia, but given its ties to Lebanon, I wouldn’t be surprised if it were also laundering money from that country, which is another close focus of the US’ own money laundering attention.

In other words, in addition to wiretapping the Vatican because it wields special influence in countries around the world (the leadership intentions and foreign policy objectives category), the US would have reason to surveil it because of what amount to Vatican actions that make it a Transnational Criminal Organization, completely apart from matters of faith.

That is, if NSA applied its apparent mandate to track TCOs indiscriminately.

But I bet you they don’t. While I am sure they track Latin American, African, and South Asian drug networks, I’m certain they track Russian mobsters who have ties to online crime, and I’m sure they are tracking and probably have an active role in the investigation of Yakuza’s ties to big Japanese banks (most of these are either named Treasury drug kingpin or TCO targets), I also believe if the NSA tracked transnational crime organizations generally, its efforts would be shut down tomorrow.

Imagine, for example, if in addition to using Title III wiretaps (though barely) and self-disclosure and evidence generated by other financial institutions in put-back suits, the NSA used its bulk collection to track JPMC’s international transfers to see whether any of it constituted “foreign intelligence,” and from that referred any evidence of a crime to the FBI? Imagine if the NSA were stealing all of JPMC’s transfer information, even outside its access to SWIFT, to see how JPMC laundered its world-destabilizing actions through multiple jurisdictions? And both JPMC and HSBC have a known history of material support for terrorism, which certainly ought to justify such spying (noting, of course, that I think JPMC did get spied on in conjunction with the Scary Iran Plot, which may have forced FinCEN to settle with it on other outstanding sanction violation issues).

They wouldn’t even need to track JPMC and other multinational banks in the name of transnational crime and terrorism; the Sovereign Wealth Funds of the world — both of volatile Middle Eastern countries, Asian targets, but even in Europe — have effectively become foreign policy entities. Do they track what Qatar and the Emirates do with their SWFs?

As I said, I doubt it. While I suspect as this scandal develops we’ll find more and more evidence that the NSA has spied on targets selected for their financial competition with the US and UK (we’ve already seen hints they collected intelligence on the Euro versus the dollar, Brazil’s competitive position vis as vis the US, for example), I also suspect if there were ever a hint that the NSA treated JPMC or HSBC like it did other TCO targets, it would get shut down in a matter of weeks.

Share this entry

The Smartest European Blowback In the World

/3 Comments/in /by

For the record, I think European and Brazilian efforts to crack down on US cloud companies — especially Google — are mostly just an effort to gain further access to the data themselves and create more competitive conditions for their countries’ own companies (see an interesting development on the Google front here), here is the kind of development that will slow the expansion of the US dragnet.

AT&T Inc.’s ambitions to expand in Europe have run into unexpected hurdles amid the growing outcry across the region over surveillance by the National Security Agency. German and other European officials said any attempt by AT&T to acquire a major wireless operator would face intense scrutiny, given the company’s work with the U.S. agency’s data-collection programs.

Resistance to such a deal, voiced by officials in interviews across Europe, suggests the impact of the NSA affair could extend beyond the diplomatic sphere and damage U.S. economic interests in key markets. AT&T Chief Executive Randall Stephenson has signaled repeatedly in recent months that he is interested in buying a mobile-network operator in Europe, highlighting the potential for growth on the continent at a time when the U.S. company faces headwinds at home.

On Wall Street, many bankers, investors and analysts expect AT&T to make a bid for Vodafone Group PLC, which owns cellphone networks across Europe, as early as the first half of next year.

No matter what other efforts other countries put into place to limit the US dragnet, until they take away access to the telecom backbone and/or until private companies dramatically improve their own security, the US government is just going to take what it wants (Indeed, I have been wondering whether the US push to privatize telecoms starting as early as the 1980s served, in part, to make it easier to find “partners” in access data signals).

To allow AT&T — one of NSA’s longest, most willing partners — to become a big player in Europe would simply provide that access.

I’m mildly sorry for Google and Yahoo, particularly because they’ve had their signals stolen for years and have resisted in the NSA various ways, only some of which have been effective.

But if AT&T gets locked out of overseas expansion because it is effectively just an arm of the NSA, I will applaud.

Share this entry