June 3, 2015

"Three Big Questions About the N.S.A.’s Patriot Act Powers."

"How much phone metadata does the government (and soon the phone companies) actually collect?... What other kinds of data does the government gather in bulk?... What are the costs of collecting all this data?..."

41 comments:

Etienne said...

"what are the costs"

What a stupid question.

Q: How much did the B-52 cost?
A: No one knows, we haven't finished paying the interest yet.

Fernandinande said...

"What are the costs of collecting all this data?..."

The cost of not collecting it is four years in prison.

Hagar said...

All that is classified.

And now they have to figure out work-arounds for the Act just passed.

But no, they are not going to shut the power off.

Todd said...

Fernandinande said...
"What are the costs of collecting all this data?..."

The cost of not collecting it is four years in prison.

6/3/15, 11:07 AM


What if I only collect it on conservative non-profit groups, keep all of the emails discussing that collection process on a private server instead of the government email server, forget I have that server [in my basement] until subpoenaed and then accidently delete all of the emails on that server along with accidently destroying the harddrive from that server? If all that happens I get a raise, early retirement and a medal, right?

Nonapod said...

For me, the phone metadata collection wasn't as big a deal as the bulk internet data collection. It has always annoyed me a bit that every time people discuss and debate this stuff they inevitably focus on phone metadata. We're living in a world where increasingly more and more communication is unspoken/text based. Text is far easier to analyze on a mass scale.

PB said...

Unfortunately, the bulk collection programs have proven not worth the investment in terms of their stated objective, but the "intelligence-industrial complex" (a subset of the military-industrial complex) won't let them die.

Tracking voice calls on mobile phones and IP addresses are fairly useless when the voice calls can go over VoIP on the data connection with encryption and VPN indirection utilized. These would be used for strategic coordination by folks who would turn to encrypted walkie-talkies for tactical matters. If it gets to that point, it's pretty much too late for authorities to really do anything.

The more they erect complex systems, the more likely it is that simple things will be missed.

PB said...

The obvious thing that needs attention? Immigration and border control. Just enforce the existing law.

PB said...

If I wanted to communicate widely among a far flung group securely, I'd used encrypted messages buried in image, audio, and video files posted publicly on major file sharing sites. That cat video on YouTube may contain more than a cute cat trick. Millions may be viewing it for laughs and kicks, but a few may be getting just a little bit more out of it.

Left Bank of the Charles said...

There's really only one question, and the answer to it is probably no:

Can we stop telecom and the internet from becoming like banking, finance, and travel where the government tracks and profiles any behavior it deems suspicious?

The proof may be in my previous comment, which now says "Comment deleted. This comment has been removed by the author." Yes, it has been deleted, but has it been deleted deleted?

Bob Ellison said...

"How much phone metadata does the government (and soon the phone companies) actually collect?"

How naive can a New Yorker writer actually be?

How much data do you suppose Google collects? They have no reason to collect data, right? It all goes in the round file once you hit the Search button.

Bob Ellison said...

I think I'll change my voicemail greeting to:

The number you have dialed...212-555-1212...has been changed. The new number is...get in front of a male goat.

Bob Ellison said...

"What are the costs of collecting all this data?"

Oh, man. Are you living in 1960?

The costs are de minimis. I've probably got enough storage in my private office to take a year's worth of the USA's phone metadata.

I don't mean to make fun of media analysts. No, yes, I do. This is really stupid. Does this guy know anything about computers and related subjects?

Big Mike said...

The real question is, do we trust this administration and all future administrations not to abuse this data?

Jaq said...

There are all kinds of not just legitimate, but necessary reasons for phone companies to collect this metadata. Every thing that happens in their networks is reflected there, including profitability of routes, fraud, abuse by partners, quality of service, everything.

Phone companies have to keep this data or fly blind. They keep it, it is there to subpoena. You don't want to be monitored, use smoke signals. For a long time using a Blackberry was pretty good protection. Not anymore. It used to be that there was so much of it, you could count on being lost in the firehose, not anymore.

Other countries keep a lot more, such as records of every web site you have visited delivered up to the govt every day. Or recordings of the first thirty seconds of every international call.

cubanbob said...

Big Mike said...

The real question is, do we trust this administration and all future administrations not to abuse this data?
6/3/15, 12:07 PM"

No. And not for the next ten generations of Administrations. Next.

Etienne said...

Today, it would be simple to track anyone with a cell phone. The FBI planes are probably all equipped with cell phone spoofers, as they are much smaller now. Even hobbyists are building their own private cell phone networks using the cheap hardware available.

Bottom line: cell phones should not be your method of secure communications. Even if fully encrypted.

Jaq said...

If I wanted to communicate widely among a far flung group securely, I'd used encrypted messages buried in image, audio, and video files posted publicly on major file sharing sites. That cat video on YouTube may contain more than a cute cat trick.

Known technique and detectable. Maybe not decipherable, but detectable. Remember that we are talking about metadata.

Etienne said...

When the government was at a loss as what to do in order to track people better, they finally hired some contractors, and they built Facebook and Google.

The Soviets and Chicoms only look on salivating with envy.

traditionalguy said...
This comment has been removed by the author.
cubanbob said...

tim in vermont said...

If I wanted to communicate widely among a far flung group securely, I'd used encrypted messages buried in image, audio, and video files posted publicly on major file sharing sites. That cat video on YouTube may contain more than a cute cat trick.

Known technique and detectable. Maybe not decipherable, but detectable. Remember that we are talking about metadata.
6/3/15, 12:18 PM

Any electronically transmitted data is detectable if not necessarily decipherable. That has always been true. Its the ability to acquire the data on such a large scale that is new.

Jaq said...

Other countries keep a lot more, such as records of every web site you have visited delivered up to the govt every day. Or recordings of the first thirty seconds of every international call.

By the way, these are Western Democracies, not the Chicoms or the Iranians. Who knows what they do?

Gabriel said...

I understand the distinction between metadata and listening to calls or reading email. And I understand the assurances about oversight and appropriateness and whatnot.

The problem is that I have no assurance that the government is telling the truth about these programs, I have no independent verification that they are what they are represented to be, I have no assurance that the people doing the assuring even know themselves everything that is going on, and I have no way to know that even if there are no abuses now, that there will not be in the future, and I will have no way to find out that they've started abusing the programs.

I am not okay with that.

Jaq said...
This comment has been removed by the author.
traditionalguy said...

The question is are we ready for our new border less world that only distributes authorizations of digital data with attached, revocable electronic value units quaintly called money.

All cash has to be eliminated.
A chip has to be implanted in all humans so interactions can be tracked with wi-fi.
A secret Police has to be in place to enforce compliance and stop smuggler's black market trade using illegal money units.
The internet has to be censored of content not written by the Government.

All of the above speculation goes right back to the capacity for digital computer power. We know the hardware is in place. But the soft wear must still have glitches.

Known Unknown said...

The problem is that I have no assurance that the government is telling the truth about these programs,

"The head of intelligence agency lied to the American people, and he still works there."

-Rand Paul

Paul is the only guy who seems to give a shit about privacy and individual rights.

lgv said...

Bob Ellison, the cost of collecting the data is low, but the cost of sifting through it is not.

There are a lot more questions than 3 and a lot better questions than the cost. As a rule of thumb, never trust the NSA to stop at whatever boundary has been drawn. They believe they are above the law because they serve a higher power, national security. It has always been that way. The only thing that has changed is how far across the line they can go with today's technology.

Jaq said...

the cost of collecting the data is low, but the cost of sifting through it is not.

Exactly backwards. Once you have collected it and stored it, it takes a small team of people to find new ways to look at it.

Etienne said...

Snowden made over $100k a year as a contractor. Federal NSA civilian employees make much more.

Cheap is relative.

Sammy Finkelman said...

"How much phone metadata does the government (and soon the phone companies) actually collect?...

They didn't collect everything, actually, because some of it was not saved.

The telephone companies are under no obligation under the new law to maintain these records, and some won't because they don't need them for billing purposes or technical support, and not maintaining records might be a selling point.

The government actually will continue to collect records for 6 months (unless they amend it to a year) and Obama will decide how long they will keep what they already have.

Everything that they started under the old Patriot Act (in terms of roving wiretaps etc.) continued during the interregnum.

What other kinds of data does the government gather in bulk?...

Off the top of my head:

That's a good question. They were collecting some e-mail - actual messages too - but I think they stopped.

They have access to credit card purchases, and hotel reservations, and airline reservations, upon request approved by a FISA court, as do the police in ordinary criminal investigations after approval by an ordinary court, but it seems like maybe the telephone metadata was the only thing the government stored itself and they did it because telephone companies were deleting them sometimes.

The big problem was this basic fact was itself kept secret.

What are the costs of collecting all this data?..."

Till now, probably not too much. From now on, zero - all the costs will be borne by the telephone companies, but the telephone companies are under no obligation to keep any records they wouldn't ordinarily keep and some may decide to keep less than before.

They queried the database less than once a day. (and I would guess there could be multiple queries as a result oof the same line of investigation)

The whole telephone metadata database was hardly used at all. (And every once in a while someone was caught using it for personal reasons)

But mostly it just wasn't used at all. The DEA used to complain they wouldn't let them use it in drug investigations even though there was a foreign intelligence component. So the DEA created its own database of telephone calls, but, unlike the NSA one, they only had records of calls originating in the United States and going to telephone numbers outside of the United States.

http://www.nytimes.com/2015/01/17/us/dea-kept-telephone-records-on-americans-justice-department-says.html?_r=0

The program was suspended in Sept. 2013 and the data has since been deleted, said the Justice Department in January, 2015.

Now Rand Paul can rest assured telephone metadata won't be used in drug smuggling investigations because there just won't be a single database.

rp said...

What I find most interesting is why, apparently, the massive data collection center was placed in Utah. I asked someone out there and the quick and serious answer was, "We can block our interstate highways at the borders and keep the rest of you OUT". There probably is some truth to that. Utah, as a piece of land, probably is easier to isolate and defend than most other states -- if that turns out to be what the feds want to do.

Sammy Finkelman said...

Coupe said...

When the government was at a loss as what to do in order to track people better, they finally hired some contractors, and they built Facebook and Google.

Not on purpose, of course, but once it was there:

http://www.nytimes.com/2013/09/29/us/nsa-examines-social-networks-of-us-citizens.html

The spy agency began allowing the analysis of phone call and e-mail logs in November 2010 to examine Americans’ networks of associations for foreign intelligence purposes after N.S.A. officials lifted restrictions on the practice...The agency was authorized to conduct “large-scale graph analysis on very large sets of communications metadata without having to check foreignness” of every e-mail address, phone number or other identifier, the document said.

Because of concerns about infringing on the privacy of American citizens, the computer analysis of such data had previously been permitted only for foreigners...The agency can augment the communications data with material from public, commercial and other sources, including bank codes, insurance information, Facebook profiles, passenger manifests, voter registration rolls and GPS location information, as well as property records and unspecified tax data, according to the documents.... The documents do not describe what has resulted from the scrutiny, which links phone numbers and e-mails in a “contact chain” tied directly or indirectly to a person or organization overseas that is of foreign intelligence interest...


That is, they stopped trying to determine in advance who or what any e-mail adddress or Facebook profile belonged to. They were trying to discover rings, and that's maybe also how they discovered the person who was killed in Boston the other day, for instance.

Gabriel said...

@Sammy Finkelman: How do you know any of that is true? If it is true, how will you know when it stops being true?

What, besides faith in integrity and good intentions, do you offer to answer those two questions?

Anonymous said...

Hard to do traffic analysis without observing the traffic.

Jaq said...

LarsPorsena is exactly correct.

But I am sure that there are lots of blowhards who know more about network surveillance.

Jaq said...

Here's one

How exactly are you supposed to know if a tower is dropping calls on some particular call handover or some other network element is working or not working? You can't trust the instrumentation on the equipment, it helps, but it is just not enough.

Sure, you could have a phone company that promises not to monitor its own network and put up with the lousy service and dropped calls. I am thinking though that this might not be the ideal service for your average American.

Known Unknown said...

What are the costs of collecting all this data?..."

Maybe this was never a question with a financial answer ...

khesanh0802 said...

Isn't it amazing what we learn when the Senate is actually fulfilling its function of debating and voting. Harry Reid did a tremendous disservice to us all by bottling up the Senate for six years.

jeff said...

I'm ok with this as long as Bush isn't looking at my library card.

Kirk Parker said...

FWIW, here's a possibly-interesting novel somewhat on this theme of pervasive surveillance: Prime Target.

Kirk Parker said...

PB,

Steganography rulz!

Tim in VT,

Your questions and concerns are valid. The key is to making the cat-video go viral, so lots and lots of people are downloading it just because it is something "cute" about "cats". (I know, I know--bear with me, you have no idea how many of your fellow-humans do not recognize felines as the members of the Dark Side that they are.)

That is what allows your recipient to safely download the file and retrieve the steganographic message, because zillions of his purported fellow-humans are doing the same.

lgv said...

Exactly backwards. Once you have collected it and stored it, it takes a small team of people to find new ways to look at it.

Wrong. The data is collected by others, e.g. service providers and given to the NSA. The NSA spends a fortune writing code to "look" at it. I worked at a company whose only customer was the NSA. Sorting through lots of data takes lots of good code.