(Source: Nation of Change)
"Interesting" auto-flagged emails are stored in "Trafficthief" and other DBs for five years or more

"I, sitting at my desk, wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email," declared former U.S. National Security Agency (NSA) and Booz Allen Hamilton Holding Corp. (BAH) leaker Edward Snowden.

I. Lies Politicians Told Me

Rep. Mike Rogers (R-Mich.), who recently shot down an effort to trim back NSA spying, was one mouthpiece in the Obama administration's vocal denial of that statement.  

Rep. Rogers took a rather personal angle in challenging Mr. Snowden's veracity, attacking, "He's lying. It's impossible for him to do what he was saying he could do.  I hope that we don't decide that our national security interests are going to be determined by a high-school dropout who had a whole series of both academic troubles and employment troubles."

Likewise, President Barack Hussein Obama (D) himself commented in a PBS interview with Charlie Rose:

We're going to have to find ways where the public has an assurance that there are checks and balances in place ... that their phone calls aren't being listened into; their text messages aren't being monitored, their emails are not being read by some big brother somewhere.

He argued that the data gathering was "transparent" and "that's why we set up the FISA court", a rather interesting claim given that the FISA court is the secret PATRIOT Act court whose orders are sealed and whose actions are not allowed to be known by the public.

The President's motivations for the spying, however, appear fairly straightforward.  An estimated 70 percent ($33.7B USD) of the requested fiscal 2014 funding for intelligence/spying activities is scheduled to go to private contractors, the biggest of which are BAH, Northrop Grumman Corp. (NOC), Honeywell Int'l Inc. (HON) (via its Science Applications Int'l Corp. subsidiary), Raytheon Co. (RTN), and Lockheed Martin Corp. (LMT).

These companies were among the president's top campaign donors, giving him nearly twice as much money as they gave Mitt Romney (Booz Allen Hamilton gave $176,000 + $281,700 USD to supporting PACs; Lockheed Martin gave $285,600 + $854,300 USD to supporting PACs; Honeywell Int'l gave $93,600 USD + ~$100,000 USD to supporting PACs; Raytheon gave $155,800 + $522,300 USD to supporting PACs; and Northrop Grumman gave $251,500 + $323,300 USD to supporting PACs).

II. Sweeping Warrantless Email, Chat Surveillance Program Gets Outed

On Wednesday, though, The Guardian's Glenn Greenwald published a report revealing that the NSA is monitoring millions of people's emails and chats via a program called "XKeyscore".  Internal training documents call the program the "widest-reaching" data collection effort in world history.

NSA XKeyscore
[Image Source: The Guardian]

Presentations on the tool describe a "Digital Network Intelligence (DNI)" which scrapes countless bytes of data from ISPs, telecommunications backbones, and more under the PATRIOT Act.  One slide brags, "nearly everything a typical user does on the internet [is captured]."

NSA email
[Image Source: The Guardian]

In other words, compressed, searchable collections of everything you do online, every word you type and send, are being compiled at secret NSA facilities, and you're paying the bill -- a "modest encroachment" of privacy in the President's mind.

Without any warrants, an NSA analyst can mine databases at will and view communications, with only a small on-screen form to be filled in justifying the reason for the search.  Agents can find and track your online actions via a number of search options including name, telephone number, IP address, keywords, the language in which the internet activity was conducted, or the type of browser used.

NSA Email spying
[Image Source: The Guardian]

Under the PATRIOT Act's FISA court, federal agents need a warrant to get an "all you can eat" pass to your digital life -- officially.  But XKeyscore appears to offer agents the ability to view, without a warrant, "real-time" database logs of emails/chats associated with specific accounts of U.S. citizens -- even if they're not technically supposed to be doing that.

NSA email spying
[Image Source: The Guardian]

In fact, in some cases NSA agents do not even have to write a justification; the program lets them simply pick one from a drop-down menu of canned justifications.

NSA monitoring
[Image Source: The Guardian]

A December 2012 slide entitled "plug-ins" suggests the tools are especially good at monitoring your contacts, including:
  • "every email address seen in a session by both username and domain"
  • "every phone number seen in a session [eg address book entries or signature block]"
  • "the webmail and chat activity to include username, buddylist, machine specific cookies etc"

When searching, the NSA tool taps a series of databases that include data intercepted directly from email services, data from "contact us" email forms on webpages, and online documents.  The search then returns a list of emails that an NSA agent can click to read.

III. Facebook, Google Chats are Mined

As with the previous monitoring, the NSA -- which is supposed to be monitoring foreign communications -- seems primarily interested in monitoring interactions of U.S. citizens.  One slide states, "communications that transit the United States and communications that terminate in the United States" are the primary purpose of XKeyscore.

Facebook, Inc. (FB) CEO Mark Zuckerberg insisted that his social network's users weren't being monitored by the feds, commenting:

Facebook is not and has never been part of any program to give the US or any other government direct access to our servers. We have never received a blanket request or court order from any government agency asking for information or metadata in bulk, like the one Verizon reportedly received. And if we did, we would fight it aggressively.

Whoops, that sounds like another lie, whether or not the Zucks realizes it.  Slides show that an agent can enter a Facebook user name and date range and get a full transcript of your chat logs.

NSA Facebook
[Image Source: The Guardian]

Another slide indicates that the feds may have similar open access to Google Inc.'s (GOOG) Gmail and Yahoo! Inc.'s (YHOO) Mail.  The only limitation is storage space.  Documents indicate that full records (email, chat logs, etc.) are captured and stored for 3 to 5 days, while the associated metadata (email headers, etc.) are stored for 30 days.  One slide comments, "At some sites, the amount of data we receive per day (20+ terabytes) can only be stored for as little as 24 hours."

Forum traffic was also targeted.

NSA Forum monitoring
[Image Source: The Guardian]

These monitoring facilities aren't cheap.  William Binney, a former NSA mathematician, estimated in 2012 that the NSA and affiliate agencies have captured and stored 20 trillion pieces of data (e.g. emails, call metadata records, etc.) of U.S. citizens communicating with fellow Americans.  A 2010 article in The Washington Post describes, "Every day, collection systems at the [NSA] intercept and store 1.7bn emails, phone calls and other type of communications."

NSA Email Storage
[Image Source: The Guardian]

But that doesn't mean your older records are safe.  The NSA has developed tiered-storage solutions that use automated scripts to flag and cache potentially "interesting" information in databases for long term storage.  These databases include "MARINA", "Pinwale", and "Trafficthief".

IV. Abuse in Similar Programs Has Been Shown to be Rampant

So how much are those "justifications" the agents fill out checked for legality and ethical use?  According to Mr. Snowden, "It's very rare to be questioned on our searches and even when we are, it's usually along the lines of: 'let's bulk up the justification.'"

The Director of National Intelligence, James Clapper, acknowledged in Congressional testimony that there have been "a number of compliance problems", but insisted these illegal actions weren't in "bad faith".  Instead they were due to "human error" or "highly sophisticated technology issues", he said.

In an audit of similar PATRIOT Act monitoring programs by the U.S. Department of Justice's Inspector General (IG), it was found that "Documentation was missing or inadequate in 60 percent of the files the Inspector General looked at."

PATRIOT Act spying
Similar programs have been plagued by rampant abuses. [Image Source: Nation of Change]

Furthermore, the full documents associated with approximately "70 percent" of the seizures that were logged in a database could not be found, meaning there was no way of telling whether they were valid or something entirely inappropriate (e.g. an administration official spying on political rivals, a man stalking his ex-girlfriend, etc.).  The "voluntary self-reporting" used to log offenses produced only 26 hits out of 146,000 requests (0.0178%), but the audit found 17 out of 77 inspected letters (22.1%) were blatant violations while 46 of them (59.7%) had missing records that made them impossible to verify.

Former federal officials have claimed that U.S. spying agencies target U.S. citizens based on their religion and political views.

In other words, if XKeyscore is anything like other audited programs, there's lots of abuse, little documentation, and a totally broken system of self-policing that sweeps all that mess under the rug.

V. The Old "But We Caught a Few Terrorists" Excuse

The payoff for this loss of freedom?  The NSA slides brag that by 2008, 300 terrorists had been caught globally using XKeyscore.

The NSA writes in a statement to the Guardian:

NSA's activities are focused and specifically deployed against – and only against – legitimate foreign intelligence targets in response to requirements that our leaders need for information necessary to protect our nation and its interests.

XKeyscore is used as a part of NSA's lawful foreign signals intelligence collection system.

Allegations of widespread, unchecked analyst access to NSA collection data are simply not true. Access to XKeyscore, as well as all of NSA's analytic tools, is limited to only those personnel who require access for their assigned tasks … In addition, there are multiple technical, manual and supervisory checks and balances within the system to prevent deliberate misuse from occurring.

Every search by an NSA analyst is fully auditable, to ensure that they are proper and within the law.

These types of programs allow us to collect the information that enables us to perform our missions successfully – to defend the nation and to protect US and allied troops abroad

Note the key word is "auditable", meaning audits of the requests have not necessarily occurred.  The NSA also does not explain why, if the program's purpose was to be "deployed against – and only against – legitimate foreign intelligence targets", it would brag in its own words of the ability to track "communications that transit the United States and communications that terminate in the United States."

NSA Unchained
[Image Source: ACLU]

The sad thing is that the U.S. has long condemned nations like Russia and China for their internet surveillance, particularly in annual U.S. Department of State (DoS) reports on attacks on freedom in China, Russia, and elsewhere.  Perhaps a look in a mirror is now in order.

Clearly a "fool me once" principle applies to this one, as the NSA spins yet another layer in its tangled web of revisionist promises and denials.

Source: Guardian UK
