Here's How the NSA Decides Who It Can Spy On
By Kevin Drum
The NSA isn't allowed to spy on Americans, but the nature of modern communication doesn't always make it obvious whether a phone call or email is foreign or domestic. This means that in the course of its normal business of spying on foreigners, NSA will inevitably collect information it shouldn't have. Certain rules, called "minimization procedures," define what NSA is required to do when it discovers that it has inadvertently captured a U.S. person in its surveillance dragnet.
Today, in the latest release of classified NSA documents from Glenn Greenwald, we finally got a look at these minimization procedures. Here's the nickel summary:
The top secret documents published today detail the circumstances in which data collected on US persons under the foreign intelligence authority must be destroyed, extensive steps analysts must take to try to check targets are outside the US, and reveals how US call records are used to help remove US citizens and residents from data collection.
I have a feeling it must have killed Glenn to write that paragraph. But on paper, anyway, the minimization procedures really are pretty strict. If NSA discovers that it's mistakenly collected domestic content, it's required to cease the surveillance immediately and destroy the information it's already collected. However, there are exceptions. They can:
Retain and make use of "inadvertently acquired" domestic communications if they contain usable intelligence, information on criminal activity, threat of harm to people or property, are encrypted, or are believed to contain any information relevant to cybersecurity.
The Guardian has posted two classified documents online. The first one describes the procedure for determining whether a surveillance target is legitimate (i.e., a non-U.S. person located outside the country). The second one describes the minimization procedures in case of inadvertent targeting of a U.S. person. There are a few obvious things to say about them:
- The determination document repeatedly emphasizes that NSA bases its decisions on the "totality of the circumstances." There are quite a few safeguards listed to make sure that only foreigners are targeted, but in the end these are often judgment calls from analysts.
- The minimization procedures are fairly strict, but they do allow retention and dissemination of domestic data, without a warrant, under quite a few circumstances. "Threat of harm" is pretty broad, as is "criminal activity." The latter, in fact, seems like a loophole the size of a Mack truck. It suggests that NSA could have a significant incentive to "inadvertently" hoover up as much domestic information as possible so it can search for evidence of criminal activity to hand over to the FBI.
- The oversight procedures are pretty thin. Analysts have quite a bit of discretion here.
http://www.motherjones.com/kevin-drum/2013/06/heres-how-nsa-decides-who-it-can-spy
WaPo: New documents reveal parameters of NSA's secret surveillance programs
http://www.democraticunderground.com/10023058091
NYT: Documents Detail N.S.A. Surveillance Rules
http://www.democraticunderground.com/10023058210
The Magistrate
(95,241 posts)
I do not see anything particularly alarming or threatening in them. Obviously, any set of guidelines could be abused, but if these are run by normally accepted definitions of the terms employed, this is pretty innocuous.
FSogol
(45,446 posts)
ProSense
(116,464 posts)
"I do not see anything particularly alarming or threatening in them. Obviously, any set of guidelines could be abused, but if these are run by normally accepted definitions of the terms employed, this is pretty innocuous."
...forced to debate this on the facts, and the potential for abuse seems to be the most dire concern: "The oversight procedures are pretty thin."
The methods and scope are also an issue.
HardTimes99
(2,049 posts)
originally said, at least as I read and listened to him.
Snowden claimed NSA analysts and contractors like himself could tap into any phone call they desired, not that they actually were doing so. (The act of actually doing it may have been implied in some of Snowden's words or some of Greenwald's writing that I missed and, if so, I stand corrected.) Likewise, Snowden may have claimed (although I don't recall it) that the NSA could store every phone call but not that they actually were storing every phone call.
To me, there's a galaxy of difference between a technical capability to do something -- itself debatable -- and the fact that something technically capable is actually being done.
Am I making too much of a distinction without a difference?
BTW, thank you very much for posting this. I am reccing for the nuances it adds to the heated discussion.
"Snowden claimed NSA analysts and contractors like himself could tap into any phone call they desired, not that they actually were doing so. "
...there is still authorization required, and only a small pool are authorized to access the data.
By Dana Liebelson
1) Surveillance Has Contributed to Thwarting More Than 50 Terror Plots Since 9/11
<...>
2) The NSA Doesn't Need Court Approval Each Time it Searches Americans' Phone Records
NSA Deputy Director John Inglis said that 22 NSA officials are authorized to approve requests to query an agency database that contains the cellphone metadata of American citizens. (Metadata includes the numbers of incoming and outgoing calls, the date and time the calls took place, and their duration.) Deputy AG Cole also said that all queries of this database must be documented and can be subject to audits. Cole also said that the NSA does not have to get separate Foreign Intelligence Surveillance Court (FISC) approval for each query; instead, the agency merely has to file a monthly report with the court on how many times the database was queried, and how many of those searches targeted the phone records of Americans.
3) 10 NSA Officials Have Permission to Give Information About US Citizens to the FBI
There are 10 NSA officials, including Inglis and Alexander, involved in determining whether information collected about US citizens can be provided to the FBI. It can only be shared if there's independent evidence that the target has connections to a terrorist organization. Inglis said that if the information is found to be irrelevant, it must be destroyed. If the NSA mistakenly targets an American citizen, it must report this to the Foreign Intelligence Surveillance Court.
4) Other Countries are Less Transparent Than the US, Officials Say
Cole said that the FISA Amendments Act provides more due process than is afforded to citizens of European countries, including Germany, the U.K., and France. Alexander added that "virtually all" countries have laws that compel telecommunications firms to turn over information on suspects.
5) Fewer Than 300 Phone Numbers Were Targeted in 2012
NSA officials say that even though the agency has access to Americans' phone records, it investigated fewer than 300 phone numbers connected to US citizens in 2012. The officials did not provide any detail on the number of email addresses targeted.
http://www.motherjones.com/mojo/2013/06/5-new-revelations-nsa-top-secret-surveillance-programs
http://www.democraticunderground.com/10023041631
HardTimes99
(2,049 posts)
just because an analyst is technically capable of tapping a call in progress (or capturing and storing it for subsequent retrieval) does not mean that analysts are actually doing this.
The technical capability does not, in and of itself, equal an operational reality.
Am I missing your drift? Are you saying the NSA does not even have the technical capability to tap conversations in progress (or capture them for subsequent retrieval)?
ProSense
(116,464 posts)
just because an analyst is technically capable of tapping a call in progress (or capturing and storing it for subsequent retrieval) does not mean that analysts are actually doing this.
The technical capability does not, in and of itself, equal an operational reality.
Am I missing your drift? Are you saying the NSA does not even have the technical capability to tap conversations in progress (or capture them for subsequent retrieval)?
...I am still not certain that Snowden's claims are valid. Maybe the technical capability is hacking the system or otherwise gaining unauthorized access (not even sure that's feasible), but I'm not sure about the claim that he could simply listen to phone calls at his desk.
HardTimes99
(2,049 posts)
specialized in providing calling services to prison and jail inmates. (It was a very sleazy experience and I had to shower every night when I got home from work, but that's a whole other story.) Every one of the inmates' calls was recorded and placed in a master call database, in case law enforcement needed to listen in after the fact. (And I could listen to these recorded calls, although I hasten to assure you I did not!)
This was back around 2004. So I share your uncertainty about whether an analyst would be technically able to tap into a live call in progress from his or her desk -- I've read arguments pro and con on that -- but, based on my experience, those calls could certainly be recorded for later listening. Again, though, just because they could be recorded doesn't mean they were, nor that Snowden would have had access to any calls so recorded.
ProSense
(116,464 posts)
snooper2
(30,151 posts)
Otherwise we wouldn't have to use trusted third parties for CALEA enforcement.
HardTimes99
(2,049 posts)
being snarky, just trying to make sure I'm understanding where you're coming from.
Along those lines, what is 'CALEA enforcement'? (Sorry, I don't recognize the acronym).
snooper2
(30,151 posts)
CALEA - an act passed by Congress in 1994 to help define wiretapping requirements mandated by the FCC
Here's a post I did a while back trying to explain how it actually works (when a carrier receives a warrant for surveillance of a target)
-----------------------------------------------------------------
Today our new term to learn is "Safe Harbor"
Most all companies outsource the connectivity to LEA (law enforcement agencies) to a trusted third party. Usually an MPLS VPN is established using a couple 10M or 100M circuits to the company you contract with, the trusted third party.
You can either let them directly handle the warrants and implement the tap by giving them access to your switches, OR, you have your own personnel with the proper clearance to implement the "tap" and direct the traffic over that MPLS VPN back to the trusted third party, who then send the traffic to various LEA. These companies already have the data connectivity back to places like Quantico. Google Quantico if you haven't heard that term before.
Here are two companies who do this for a living-
West Central Support
http://www.wcsupport.com/calea.php
West Central Support Offers a Complete CALEA Solutions Package
West Central support provides Procera Networks PacketLogic platform, a cost effective, complete, and scalable solution that seamlessly integrates into the service provider's existing network, without the need to upgrade any network element in the network infrastructure fabric. Procera's unique value proposition is that in addition to being able to handle the Interception and Delivery of content as sanctioned by the FCC CALEA regulations, the solution also delivers the most accurate, policy-based traffic management capabilities for Broadband Service Providers (BSPs).
In addition to providing Procera Networks' PacketLogic platform as a viable CALEA solution, West Central Support provides Trusted Third Party (TTP) CALEA services. We will analyze your network to identify the optimal location for the Packet Logic platform and assist in the set up, installation, and testing of the equipment. As the TTP, West Central Support will receive the intercept request from the ISP and appropriately configure the rules in PacketLogic to meet the specifics of the intercept request as well as facilitate information delivery to the LEA and handle the appropriate paperwork and filings.
http://www.subsentio.com/
SUBSENTIO THE MARKET LEADER IN ELECTRONIC SURVEILLANCE SERVICES
At Subsentio, Safe Harbor is not just a provision within the Communications Assistance for Law Enforcement Act of 1994 (CALEA), it is our business philosophy. Our mission is to provide a safe environment for service providers, their subscribers and law enforcement should a need for electronic surveillance arise. This level of trust to provide a Safe Harbor in an industry that is turbulent at best can only be delivered by personnel with decades of experience, expertise that is unmatched within this small, but vitally important, niche of telecommunications. For Subsentio, providing Safe Harbor is not a job, it is our passion.
Based in Centennial, Colorado, Subsentio's surveillance technology connects telecommunication service providers with Federal, State and Local Law Enforcement monitoring centers to comply with lawfully authorized electronic surveillance (LAES) court orders. From national carriers to ultra-small rural providers, Subsentio is responsible for millions of subscribers with a wide range of communication services. These services are often complex, multi-vendor environments encompassing differing phases of technological approaches that require our expertise to properly perform a lawful intercept.
HardTimes99
(2,049 posts)
that the NSA's core mission is Signal Intelligence ('SigInt') and simple logic suggests that it would hardly need to contract with outside third parties to gain access to a given telco's switch and its residual software (provided the telco cooperated or complied with a National Security Letter).
Which brings me back to my original point: the fact that the NSA can do something, i.e., has the technical capability to do something, does not mean that the NSA is doing something.
BTW, I worked in telecom in tech support for about 2.5 years but it was a few years back and I've forgotten a lot. So please excuse me for any lapses in memory
Logical
(22,457 posts)
trust them not to abuse the data. And do not think it has stopped 10 terror attacks much less 50.
Monkie
(1,301 posts)
have a nice day, sir.
HardTimes99
(2,049 posts)
criticizing its NSA coverage might result in the sender being swept up in the dragnet (because the Guardian is based outside the U.S.). That would truly be an irony worthy of Orwell or Joseph Heller.
Monkie
(1,301 posts)
you are right it is absurd, especially considering they seem to claim the right to store your data for 5 years, and if you said anything criminal or potentially criminal on the guardian website, if you commented on a topic relating to the occupy movement, or the demonstrations in brazil or turkey that are just a bit too positive, well that is almost terrorism? almost a threat to property?
BenzoDia
(1,010 posts)
Thinkingabout
(30,058 posts)
Snowden has set himself up as a criminal, apparently intentionally gathered and released information which is not allowed by his Code of Ethics with NSA.
dkf
(37,305 posts)
However, alongside those provisions, the Fisa court-approved policies allow the NSA to:
Keep data that could potentially contain details of US persons for up to five years;
Retain and make use of "inadvertently acquired" domestic communications if they contain usable intelligence, information on criminal activity, threat of harm to people or property, are encrypted, or are believed to contain any information relevant to cybersecurity;
Preserve "foreign intelligence information" contained within attorney-client communications;
Access the content of communications gathered from "U.S. based machine[s]" or phone numbers in order to establish if targets are located in the US, for the purposes of ceasing further surveillance.
Where the NSA has no specific information on a person's location, analysts are free to presume they are overseas, the document continues.
http://www.guardian.co.uk/world/2013/jun/20/fisa-court-nsa-without-warrant
Pholus
(4,062 posts)
Almost sounds like a fishing expedition is allowed to save information that could sink an opposition candidate as long as there is a suspicion that that person's electronic communications contains "information on criminal activity."
dkf
(37,305 posts)
Do politicians encrypt their emails? If there is any profession that does all their emails are open to scrutiny.
winter is coming
(11,785 posts)
So we should believe the NSA is now restricting itself only to what is "allowed" because...?
marions ghost
(19,841 posts)
No matter these procedures. The secrecy surrounding the surveillance indicates that we are not protected. There is no real justification for this degree of data mining. People can list all the official procedures "on paper" they want. It does not amount to protections. We were not supposed to know this was even going on, so how do you trust anything after that? "Judgement calls from analysts" with little oversight. They railroaded this past congress and the president IMO. The people have had no voice in it until now.
(OP: my comments are rhetorical).
Bookmarking for later
byeya
(2,842 posts)
marions ghost
(19,841 posts)
And I think it would be apparent to most lawyers. But the People did not get to read the fine print. They got no legal advice. Because even Congress did not know how bad it is, there wasn't adequate oversight. Railroaded through via the Senate "Intelligence" Committee =
It was Decided--as though we are children needing big daddy (or big brother) to protect us. Arrogance and over-reach doesn't begin to account for the breach of the public trust here. The reality is worse. We should all feel insulted--those of us who are not complicit.
Major Hogwash
(17,656 posts)
Hopefully, more and more actual facts can come out about the NSA program to answer the questions that some people had about it.