Mobile phone tracking, social networks and total information dominance; a round-up of recent NSA revelations.

Crying wolf: James Clapper, Keith Alexander and the government shutdown

So, this week saw the first US government shutdown in almost two decades. This follows a failure to agree on a new budget after the Republican-led House of Representatives tied their approval of said budget to the condition of delaying Obamacare. Now, as a left-leaning non-conservative European who has enjoyed the benefits of both mandatory health insurance in continental Europe and the NHS in the UK, I have serious trouble understanding why legislation that provides health insurance to some 45 million uninsured people is a bad thing. My impression is that, as far as this is concerned, European thinking is fundamentally different from American thinking – and I don’t mean this in a judgmental way. At least not until someone more familiar with the matter confirms to me that a case can be made for being judgmental about it.

Anyway, I am not going to address Obamacare or the debate it has sparked (although I may yet, in future posts, as I do find the lengths to which some Republicans seem willing to go to oppose this law instinctively shocking).

What I am going to talk about this week is, once again, the NSA and its chief, General Keith Alexander. Inevitably, this also means talking about US Director of National Intelligence, James Clapper.

Did you hear what Mr Alexander’s and Mr Clapper’s response to the government shutdown was? Can you guess? Yes, that’s right: they said it threatened national security. More specifically, Mr Clapper called it an “”insidious” threat to national security that will increase the longer thousands of workers are off the job.”

Now, don’t get me wrong. I am sympathetic to all US employees – NSA or otherwise – that have been sent home on unpaid leave because of the shutdown. Losing what could be substantial amounts of your salary like that is a harrowing thought.

But I cannot be the only to whom Messrs Clapper and Alexander are beginning to sound like the boys who cry wolf. I mean, given the number of times that both gentlemen have shouted about MASSIVE THREATS TO NATIONAL SECURITY BEWARE WE’RE ALL GOING TO DIE since the first Snowden revelations in June, I wonder how much more often they can pull this off before people start questioning, if not the reality then at least the alleged immediacy of the threat (not that they’re not doing that anyway).

Mr Clapper, in response to the impact of the government crisis on operations at the NSA: “We will make adjustments depending on what we see as the potential threats to life and property.”

Now. Is it a bit odd that the NSA does not seem to have a contingency plan for this kind of scenario in place considering that government shutdowns have occurred several times before in US history? I don’t know.

In Defense of the General and his boss

But perhaps we should cut Mr Clapper and Mr Alexander some slack. Some four months they have had, eh?

One minute, everything is going according to plan, the Utah Data Centre, aka Intelligence Community Comprehensive National Cybersecurity Initiative Data Center, the NSA’s newest hard-drive […] cloud, […] warehouse” was coming along nicely. Eventually it would be capable of storing “data at the rate of 20 terabytes” per minute and, according to ex-NSA mathematician turned whistleblower William Binney, also “likely have spare capacity for “brute force attacks” – using speed and data hoards to detect patterns and break encrypted messages in the so-called deep web where governments, corporations and other organisations keep secrets” with “no distinction between domestic and foreign targets.” Oh brave new world! It is Mr Alexander’s an all-collector’s dream come true.

And then along came Edward Snowden. With his proverbial whistle, he woke the NSA rather abruptly from their dream of total information dominance, only to then abscond to Russia and leave them in the lurch. The rascal!

No wonder some of the higher figures seem have gone a bit bonkers. Former NSA and CIA chief Michael Hayden is the second person recently to be suffering from temporary insanity; he joked (!) about Edward Snowden being placed on a kill-list.

In case you are wondering: no, this is not funny – let alone appropriate or tasteful – under any circumstance. I’d say it is about as daft as Mr Hayden’s suggestion that Snowden will end up an alcoholic, except it’s not just daft; the idea of kill lists in and of itself is sick – to joke about it…well, it’s probably best not to listen to anything Mr Hayden has to say for a while.

And no, of course we should not cut them any slack!

Not a sweet dream but an Orwellian nightmare

In the Guardian, editor Alan Rusbridger has called NSA surveillance “beyond Orwellian”, pointing out that the “infrastructure [that] ha[s] been created […] could be dangerous if it fell into the wrong hands” and that “[i]n history, all the precedents [that involved an infrastructure for total surveillance] are unhappy.”

Rusbridger’s remarks are noteworthy in that they refuse to demonize (as many have done) the perpetrators, while also making it clear that what Edward Snowden really tried to do was tell the world, its governments and intelligence agencies: “Look, wake up. You are building something that is potentially quite alarming.” The thing is, there is nothing “potential” about it and “alarming” does not even begin to describe what is going on.

We have all heard about programmes like Prism, the data mining activities of Britain’s GCHQ, and the deals our spy agencies have with each other.

Yet, one of the revelations that still creeps me out the most is the one about Boundless Informant, especially following the most recent news that the NSA “in an experiment” tracked mobile phone location data, and that it indeed gathers data on the social connections of US citizens.

I am aware that Mr Alexander denounced the latter claim as “flat wrong” but given that a special dictionary seems required to understand what Mr Alexander and the NSA are really saying (and on which I have commented in my previous post), I am not sure how exactly the statement that they are “not creating social networks on our families,” should be read. Are those the same families, Mr Alexander, who you recently wrote a letter to? Or the families of innocent Americans? Because I am pretty sure the families of innocent foreigners, for a start, aren’t included in this.

Mind you Mr Alexander later “appeared to row back on [his former] position” (the one where he said the New York Times report was “flat wrong”), “stressing that the NSA was obtaining supplementary information, under executive order 12333, to connect data they already have “to social networks abroad”.

Even if we were to take Mr Alexander’s reassurances that the NSA aren’t spying on whoever’s families at face value, I’d still have a couple of questions about the ““contact chaining” of Americans who [are] in touch, directly or indirectly, with foreign intelligence suspects”, not to mention the question of why exactly the tracking of mobile phone data may be “a future requirement”.

Truly without bounds?

Here is why I find this so alarming. When I first heard about Boundless Informant, I understood it to mean something like this:

“[The spooks] can theoretically draw up a map of all networks in a given society and basically the entire world. Imagine this: a map with you at its centre, showing every single link you have with anyone in your network. And the links they have with everyone in their networks and the links their friends have, and the friends of their friends have, and so on.”

Seems I got that one right. The spooks can create that map – and they can track us on it.

According to the NY Times (in that article denounced as “plain wrong” by Mr Alexander): “Phone and e-mail logs, for example, allow analysts to identify people’s friends and associates, detect where they were at a certain time, acquire clues to religious or political affiliations, and pick up sensitive information like regular calls to a psychiatrist’s office, late-night messages to an extramarital partner or exchanges with a fellow plotter.”

In short: they know which god you worship, which politician you support, if you have depression, an eating disorder or an alcohol problem or if you are having an affair. Take a look at some rather revealing documents on how this works here – do you get it? This is precisely what opponents of surveillance mean when they say that everyone should be allowed the privacy necessary to keep a couple of little secrets. I, for one, don’t see how any of the above makes you a terrorist threat and thus the kind of target that the NSA chief claim justifies surveillance of this magnitude.

Unfortunately, a legislation shift in 2011 “authorized [the NSA] to conduct “large-scale graph analysis on very large sets of communications metadata without having to check foreignness” of every e-mail address, phone number or other identifier”. So much for requiring a warrant to spy domestically. Make no mistake, “analysts [can] trace the contacts of Americans as long as they cite[…] a foreign intelligence justification. That [can] include anything from ties to terrorism, weapons proliferation or international drug smuggling to spying on conversations of foreign politicians, business figures or activists.” And even “[i]f the N.S.A. does not immediately use the phone and e-mail logging data of an American, it can be stored for later use, at least under certain circumstances, according to several documents.” Good job they’re building that large hard-drive in Utah then, eh? They’ll obviously need the storage space. And just because they may not be tracking their, our, your families yet, does not mean that you and me and everyone we know could not, theoretically, become a target. At some point in the future, you might show show up in one of these networks, simply because someone you know knows someone who knows someone who once Skyped someone overseas who is being observed by the NSA. Don’t know about you but I don’t feel reassured in any way.

Stronger legislation required

I’d say Christopher Calabrese, ACLU legislative counsel, is right when he says that “the NSA’s attempt to collect this data shows the need for stronger legislative oversight of the agency’s activities.”

Obviously, Messrs Clapper and Alexander aren’t of the same mind. They have once again “appealed to Congress not to allow the string of [Snowden] revelations to […] limit the powers of the intelligence community,” criticising the media for making reports that were “misleading” and – wait for it – “dangerous to national security”.

It is not surprising that Mr Clapper and Mr Alexander would want to keep the law on their side. In Europe, GSHQ is currently facing a legal challenge over online privacy.  

Yet Patrick Leahy, a Democrat who is drafting legislation to reform US government surveillance, wasn’t impressed by the arguments of the two men: “Both of you have raised concerns that the media reports about the government’s surveillance programs have been incomplete, inaccurate, misleading,” Leahy said. “But I worry that we’re still getting inaccurate and incomplete statements from the administration.”

Leahy is currently drafting a bill to limit NSA surveillance – in partnership with Jim Sensenbrenner no less. Sensenbrenner is not only chair of the crime and terrorism subcommittee of the House of Representatives but also the author of the Patriot Act “a law he now says was misinterpreted by spy agencies and used to justify surveillance programs that infringe on constitutional rights.”

What is interesting in this context, and also with regard to recurring claims that the Snowden leaks, and lately the shutdown, are damaging national security, while NSA surveillance of this scale is absolutely necessary for it, is what Leahy says about “claims by the intelligence agencies that 54 terrorist attacks had been thwarted by two particular programs.” He says that this is “plainly wrong”. Even more interestingly, he even got Alexander to concede that “the 54 examples were “not all plots” and only 13 had a nexus in the US. [Alexander] also admitted there were only “one or possibly two” cases of terrorist activity that would not have been prevented “but for” section 215 of the Patriot Act, which authorises bulk phone record collection.”

Now, wouldn’t you agree with Leahy that this rather undermines the case made by the NSA and government that “the bulk collection of phone records is an effective tool”?


Recalling Project Bullrun

And as for protection from these practices. Let me just quickly remind you again of one of the most momentous stories recently: that the NSA and GCHQ have inserted back doors into encryption programmes, working with “American and foreign tech companies to introduce weaknesses into commercial encryption products, allowing backdoor access to data that users believe is secure.” This not only means that the NSA “has moved beyond its historic role as a code-breaker to become a saboteur of the encryption systems.” Importantly, and – as Jon Healy writes in the LA Times frighteningly – this has “allegedly weakened the scrambling not just of terrorists’ emails but also bank transactions, medical records and communications among coworkers.”

By the way, this isn’t the first time the NSA has tried something like this but a previous “public battle in the 1990s to insert its own “back door” in all encryption” didn’t work so well. Back then, president Clinton’s government proposed something called “the Clipper Chip, which would have effectively neutered digital encryption by ensuring that the N.S.A. always had the key”. Unsurprisingly, “[t]hat proposal met a broad backlash from an unlikely coalition that included political opposites”.

Sound familiar? It would, wouldn’t it, given the “unlikely coalition” that formed in support of the Amash amendment recently and the bipartisan opposition to NSA surveillance practices in Congress. In the 1990s, it was “argued that the Clipper would kill not only the Fourth Amendment, but also America’s global edge in technology.”

Thus defeated the NSA then “set out to accomplish the same goal by stealth.” Take a look at leaked documents regarding project Bullrun which reveal “that the agency has capabilities against widely-used online protocols such as HTTPS”.

Now, 20 years post the Clipper Chip attempt, there seems to be a very real chance that the NSA will if not kill, then certainly significantly weaken both the Fourth Amendment and American’s global edge in technology. Because “encryption in universal use” has been compromised, “including Secure Sockets Layer, or SSL, virtual private networks, or VPNs, and the protection used on fourth generation, or 4G, smartphones” there is a lot of talk about how far American tech companies can be trusted – or what will, in fact happen to those who can be trusted, like Edward Snowden’s email provider Lavabit whose founder defied FBI demands to turn over its crypto-keys. Spare a thought for Mr Ladar Levison who rather shuttered his company than to compromise the encryption of the customer the FBI was looking for – a “target” whose “offenses under investigation [had been] listed as violations of the Espionage Act and theft of government property — the exact charges that [had] been filed against [Edward] Snowden in the same Virginia court.”

Make no mistake, the kind of encryption that has been undermined by the NSA is what most of us rely on an every-day basis “often without realizing it […] every time [we] send an e-mail, buy something online […] or use a phone or a tablet on a 4G network.”

So not only are the joint practices of NSA and GCHQ potentially “a fundamental attack on the way the Internet works” but they are also evidence of the “fantastically naïve assumption that any vulnerabilities [the NSA] builds into core Internet technologies can only be exploited by itself and its global partners”.

The Guardian: “Backdoors are fundamentally in conflict with good security,” said Christopher Soghoian, principal technologist and senior policy analyst at the American Civil Liberties Union. “Backdoors expose all users of a backdoored system, not just intelligence agency targets, to heightened risk of data compromise.”


Adversaries: drone opponents, critics or counter-terrorism abuses and we – the general public

Says James Clapper: “It should hardly be surprising that our intelligence agencies seek ways to counteract our adversaries’ use of encryption. Throughout history, nations have used encryption to protect their secrets, and today, terrorists, cybercriminals, human traffickers and others also use code to hide their activities. Our intelligence community would not be doing its job if we did not try to counter that. […] The fact that NSA’s mission includes deciphering enciphered communications is not a secret, and is not news.” My italics because these passages of the statement are particularly important for their implications. What Mr Clapper seems to be saying here is that one, the NSA’s decryption programme is targeted at the US’s adversaries and two, that it targets them by decrypting information.

Now, I am sure I am not the only one who spots the omissions here: obviously, the NSA (and other intelligence agencies for that matter) have not only been targeting their adversaries but “private individuals and businesses, most of them innocent of any wrongdoing”. Then again, “ordinary customers […] are tellingly referred to in the [NSA] document[s] as “adversaries”.

In this context, consider another recent revelation: namely how the NSA (and the British border police as well) views drone opponents and critics of counter-terrorism abuses as “adversaries”.

And obviously it is not just decryption we are talking about here; it is undermining encryption. These are not the same thing. The NSA has “not stopped at code breaking—[it has] also made sure that vulnerabilities have been inserted into commercial encryption systems, IT systems, networks, and endpoint communications devices used by targets.” Decryption suggests that you scramble a lock by using a key. Undermining encryption is weakening the lock itself or taking it away altogether.

Read the full stories by the Guardian and the New York Times for more information.

Now, I would like an explanation on how exactly this is simply an attempt at thwarting terrorist activities. In short, it isn’t. This isn’t targeting adversaries, but allies and, as Ryan Gallagher points out “surveillance tactics appear to have few limits, and while government officials have played up the necessity of the spying for counter-terrorism, it is evident that the snooping is often highly political in nature”. Consider the revelation by German weekly, Der Spiegel that GCHQ spied on Belgian telecoms firm Belgacom “whose major customers include institutions like the European Commission, the European Council and the European Parliament”.

So what?!

I think all of this does beckon the question of whether there are “really people who can read that and think to themselves: I sure do wish Edward Snowden had let us remain ignorant about all of this?”

I shouldn’t think so. Glenn Greenwald is right when he says that what’s truly shocking and incredible is “that the objective of the NSA is literally the elimination of global privacy: ensuring that every form of human electronic communication – not just those of The Terrorists™ – is collected, stored, analyzed and monitored.” It should be clear by now that something very dangerous is being built here. Would you really rather be ignorant about that or do you welcome the overdue debate that Snowden’s revelations have sparked and that might halt the NSA’s  total information dominance before it’s well and truly too late?

Janine Gibson, when asked recently about the “so what?” response still made by so many people, the one that maintains that “I follow the law. Why should I be afraid?” said: “It’s a perfectly reasonable point of view. As journalists, we’re OK with providing you with enough information that you can make an informed decision.”

So then people, let’s start making informed decisions, shall we?


News from the Snowdens? A P.S.

On a perhaps more cheerful note: according to reports in The Wall Street Journal Lon Snowden is currently planning a trip to Russia, even though he is not sure that he will get to see his son, due to safety concerns. According to Mr Snowden, Edward Snowden still has “no regrets” about blowing the whistle, despite the situation he is in.

Also, following a recent split from his legal team, Lon Snowden has made it clear that “his views had been misrepresented regarding Greenwald, WikiLeaks and the ACLU”. Specifically, Mr Snowden said: “I hold Ben Wizner and Glenn Greenwald in the highest regard and would have never said anything to discredit their work or to question their motives.”

Hat-tip to the elder Snowden – it seems obvious where his son gets it from.


One thought on “Mobile phone tracking, social networks and total information dominance; a round-up of recent NSA revelations.

  1. Pingback: Just Pondering Part 556 | Renard Moreau Presents

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s