I do not see anything particularly alarming or threatening in them. Obviously, any set of guidelines could be abused, but if these are run by normally accepted definitions of the terms employed, this is pretty innocuous.

"I do not see anything particularly alarming or threatening in them. Obviously, any set of guidelines could be abused, but if these are run by normally accepted definitions of the terms employed, this is pretty innocuous."

...forced to debate this on the facts, and the potential for abuse seems to be the most dire concern: "The oversight procedures are pretty thin."

The methods and scope are also an issue.

originally said, at least as I read and listened to him.

Snowden claimed NSA analysts and contractors like himself could tap into any phone call they desired, not that they actually were doing so. (The act of actually doing it may have been implied in some of Snowden's words or some of Greenwald's writing that I missed and, if so, I stand corrected.) Likewise, Snowden may have claimed (although I don't recall it) that the NSA could store every phone call but not that they actually were storing every phone call.

To me, there's a galaxy of difference between a technical capability to do something -- itself debatable -- and the fact that something technically capable is actually being done.

Am I making too much of a distinction without a difference?

BTW, thank you very much for posting this. I am reccing for what the nuances it adds to the heated discussion.

"Snowden claimed NSA analysts and contractors like himself could tap into any phone call they desired, not that they actually were doing so. "

...there is still authorization required, and only a small pool are authorized to access the data.

just because an analyst is technically capable of tapping a call in progress (or capturing and storing it for subsequent retrieval) does not mean that analysts are actually doing this.

The technical capability does not, in and of itself, equal an operational reality.

Am I missing your drift? Are you saying the NSA does not even have the technical capability to tap conversations in progress (or capture them for subsequent retrieval)?

specialized in providing calling services to prison and jail inmates. (It was a very sleazy experience and I had to shower every night when I got home from work, but that's a whole other story.) Every one of the inmates' calls was recorded and placed in a master call database, in case law enforcement needed to listen in after the fact. (And I could listen to these recorded calls, although I hasten to assure you I did not!)

This was back around 2004. So I share your uncertainty about whether an analyst would be technically able to tap into a live call in progress from his or her desk -- I've read arguments pro and con on that -- but, based on my experience, those calls could certainly be recorded for later listening. Again, though, just because they could be recorded doesn't mean they were, nor that Snowden would have had access to any calls so recorded.

Otherwise we wouldn't have to use trusted third parties for CALEA enforcement.

being snarky, just trying to make sure I'm understanding where you're coming from.

Along those lines, what is 'CALEA enforcement'? (Sorry, I don't recognize the acronym).

CALEA - an act passed by Congress in 1994 to help define wiretapping requirements mandated by the FCC

Here's a post I did a while back trying to explain how it actually works (when a carrier receives a warrant for surveillance of a target)


-----------------------------------------------------------------


Today our new term to learn is "Safe Harbor"

Most all companies outsource the connectivity to LEA (law enforcement agencies) to a trusted third party. Usually an MPLS VPN is established using a couple 10M or 100M circuits to the company you contract with, the trusted third party.

You can either let them directly handle the warrants and implement the tap by giving them access to your switches, OR, you have your own personnel with the proper clearance to implement the "tap" and direct the traffic over that MPLS VPN back to the trusted third party, who then send the traffic to various LEA. These companies already have the data connectivity back to places like Quantico. Google Quantico if you haven't heard that term before.

Here are two companies who do this for a living-


West Central Support
http://www.wcsupport.com/calea.php

West Central Support Offers a Complete CALEA Solutions Package
West Central support provides Procera Networks PacketLogic platform, a cost effective, complete, and scalable solution that seamlessly integrates into the service provider's existing network, without the need to upgrade any network element in the network infrastructure fabric. Procera's unique value proposition is that in addition to being able to handle the Interception and Delivery of content as sanctioned by the FCC CALEA regulations, the solution also delivers the most accurate, policy-based traffic management capabilities for Broadband Service Providers (BSPs).

In addition to providing Procera Networks' PacketLogic platform as a viable CALEA solution, West Central Support provides Trusted Third Party (TTP) CALEA services. We will analyze your network to identify the optimal location for the Packet Logic platform and assist in the set up, installation, and testing of the equipment. As the TTP, West Central Support will receive the intercept request from the ISP and appropriately configure the rules in PacketLogic to meet the specifics of the intercept request as well as facilitate information delivery to the LEA and handle the appropriate paperwork and filings.






http://www.subsentio.com/
SUBSENTIO — THE MARKET LEADER IN ELECTRONIC SURVEILLANCE SERVICES
At Subsentio, Safe Harbor is not just a provision within the Communications Assistance for Law Enforcement Act of 1994 (CALEA), it is our business philosophy. Our mission is to provide a safe environment for service providers, their subscribers and law enforcement should a need for electronic surveillance arise. This level of trust to provide a Safe Harbor in an industry that is turbulent at best can only be delivered by personnel with decades of experience — expertise that is unmatched within this small, but vitally important, niche of telecommunications. For Subsentio, providing Safe Harbor is not a job, it is our passion.

Based in Centennial, Colorado, Subsentio’s surveillance technology connects telecommunication service providers with Federal, State and Local Law Enforcement monitoring centers to comply with lawfully authorized electronic surveillance (LAES) court orders. From national carriers to ultra-small rural providers, Subsentio is responsible for millions of subscribers with a wide range of communication services. These services are often complex, multi-vendor environments encompassing differing phases of technological approaches that require our expertise to properly perform a lawful intercept.

that the NSA's core mission is Signal Intelligence ('SigInt') and simple logic suggests that it would hardly need to contract with outside third parties to gain access to a given telco's switch and its residual software (provided the telco cooperated or complied with a National Security Letter).

Which brings me back to my original point: the fact that the NSA can do something, i.e., has the technical capability to do something, does not mean that the NSA is doing something.

BTW, I worked in telecom in tech support for about 2.5 years but it was a few years back and I've forgotten a lot. So please excuse me for any lapses in memory

trust them not to abuse the data. And do not think it has stopped 10 terror attacks much less 50.

have a nice day, sir.

criticizing its NSA coverage might result in the sender being swept up in the dragnet (because the Guardian is based outside the U.S.). That would truly be an irony worthy of Orwell or Joseph Heller.

you are right it is absurd, especially considering they seem to claim the right to store your data for 5 years, and if you said anything criminal or potentially criminal on the guardian website, if you commented on a topic relating to the occupy movement, or the demonstrations in brazil or turkey that are just a bit too positive, well that is almost terrorism? almost a threat to property?

Snowden has set himself up as a criminal, apparently intentionally gathered and released information which is not allowed by his Code of Ethics with NSA.

However, alongside those provisions, the Fisa court-approved policies allow the NSA to:

• Keep data that could potentially contain details of US persons for up to five years;

• Retain and make use of "inadvertently acquired" domestic communications if they contain usable intelligence, information on criminal activity, threat of harm to people or property, are encrypted, or are believed to contain any information relevant to cybersecurity;

• Preserve "foreign intelligence information" contained within attorney-client communications;

• Access the content of communications gathered from "U.S. based machine[s]" or phone numbers in order to establish if targets are located in the US, for the purposes of ceasing further surveillance.




Where the NSA has no specific information on a person's location, analysts are free to presume they are overseas, the document continues.

http://www.guardian.co.uk/world/2013/jun/20/fisa-court-nsa-without-warrant

Almost sounds like a fishing expedition is allowed to save information that could sink an opposition candidate as long as there is a suspicion that that person's electronic communications contains "information on criminal activity."

Do politicians encrypt their emails? If there is any profession that does all their emails are open to scrutiny.

So we should believe the NSA is now restricting itself only to what is "allowed" because...?

No matter these procedures. The secrecy surrounding the surveillance indicates that we are not protected. There is no real justification for this degree of data mining. People can list all the official procedures "on paper" they want. It does not amount to protections. We were not supposed to know this was even going on, so how do you trust anything after that? "Judgement calls from analysts" with little oversight. They railroaded this past congress and the president IMO. The people have had no voice in it until now.

(OP: my comments are rhetorical).

Bookmarking for later

And I think it would be apparent to most lawyers. But the People did not get to read the fine print. They got no legal advice. Because even Congress did not know how bad it is, there wasn't adequate oversight. Railroaded through via the Senate "Intelligence" Committee =



It was Decided--as though we are children needing big daddy (or big brother) to protect us. Arrogance and over-reach doesn't begin to account for the breach of the public trust here. The reality is worse. We should all feel insulted--those of us who are not complicit.

Hopefully, more and more actual facts can come out about the NSA program to answer the questions that some people had about it.