Let's Fix This Country
surveillance

NSA in Crosshairs of Court, Congress and Obama Panel

And why brute force metadata collection was all wrong

All three branches of the government have converged to say that the NSA has taken too many liberties with Americans’ civil liberties. The president’s panel served up 46 recommendations for how better to conduct intelligence gathering while protecting our privacy, there’s a bill in Congress that makes the same proposals, one federal judge said what NSA has been doing is “almost certainly unconstitutional”, another that total surveillance is lawful (both covered below). Against this backdrop, President Obama is proposing token changes that leave the most odious
practices in place: the sucking up of everyone's phone data and continuance of the so-called "national security letters" that allow the FBI to raid our homes and offices without search warrants.

That is contrary to the 5-man panel appointed by the president in August in the wake of Edward Snowden’s explosive revelations, which said that the agency’s storing the records of the entire population’s phone calls should cease, that the data should be left with the phone companies or with an independent consortium. Obama practice is to ignore the advice of his own commissions (viz: Bowles-Simpson).

In a widely ridiculed hagiography of NSA on “60 Minutes” in mid-December, NSA chief Gen. Keith Alexander bridled at the notion of leaving the data with the phone companies, saying

“if you don’t have the data someplace you can’t search it... different phone companies have different sets of records. And these phone calls may go between different phone companies. If you only go to one company, you'll see what that phone company has. But you may not see what the other phone company has … So by putting those together, we can see all of that essentially at one time.

The interviewer asked, “Before 9/11, did we have this capability?”. Alexander: “We did not”.

Not true, and by allowing such assertions to go unchallenged, “60 Minutes” and others serve to keep buried that we have long had technology that could have entirely avoided the gargantuan privacy violations that NSA has perpetrated in secret for years.

Update:  Dec.30: On almost the same day we published this article, the Wall Street Journal ran this lengthly piece focused on William Binney that gives the same account of how NSA should have gone about safeguarding the country as we make plain below and have been reporting over the last 18 months.
    

First, a bit of background to make the point that Snowden’s revelations about NSA spying on phone traffic had been heard before. There was the New York Times exposé in 2005 that laid bare the Bush administration’s warrantless spying, but that was on international traffic, or so it was said. Early in 2013, in this account of the Supreme Court blocking challenges to international snooping, we reported on whistleblowers who had for years been trying to alert us that the agency was not just monitoring international traffic, but had turned its surveillance eyes and ears on the U.S. and its citizens. It told of Mark Klein, a newly retired AT&T technician who in 2006 revealed that the NSA had its own room at AT&T in San Francisco that received a splitter feed of every fiber-optic signal routed through its facilities — not just AT&T’s, but virtually those of all other telecom and internet companies. Klein knows because it was he who hooked up the connections.

Following up on that lead, USA Today reported that same year that MCI, AT&T and Sprint had all been granting “access to their systems without warrants or court orders”.

But of greatest interest in light of the president’s panel is the trio of William Binney, Edward Loomis and J. Kirk Wiebe, who all left NSA in disgust in 2001 over the waste and fraud they had witnessed. They had developed a software system with an emphasis on privacy safeguards that could analyze data from multiple sources and find links and correlations. Their system was dubbed ThinThread. The NSA had seen fit to junk it.

Recommendation number 20 from the president’s panel's report hits upon the same approach, proposing "Software that would allow…intelligence agencies more easily to conduct targeted information acquisition rather than bulk-data collection".

That this trio’s unit at NSA had already developed just such software undercuts Alexander’s claim that “We did not” have such a capability before 2001 as well as his assertion that NSA needed to extract and store all the phone companies’ data in a single, sprawling repository because “if you don’t have the data someplace you can’t search it”.

The group had pressed NSA to use their far more economical technology but, as Binney has said, the trio’s $3 million undertaking could not compete with a mindset that thought that to develop a surveillance capability surely NSA should sign on with heavy hitters such as SIAC (Science Applications International Corporation), Boeing and Booz Allen Hamilton in contracts totaling $280 million. That project was called Trailblazer. It would go several hundreds of millions over budget costing over $1 billion, ran years behind schedule and was cancelled.

It was succeeded by Turbulence, an apt name for the whirlwind it has reaped if that project is what is responsible for today’s brute force collection of total phone data.

How did ThinThread work? In contrast, it was a software kernel capable of reaching into remote databases to find only what it was looking for and leaving all the rest in place, rather than what became NSA’s all you can eat approach. "Why bring back a lot of stuff that you may never use?", Kirk Wiebe would say.

Wiebe, Binney and Loomis became whistleblowers, filing with the Department of Defense inspector general a complaint of fraudulent and wasteful use of taxpayer money and illegal spying that led to an investigation that ran until 2005 — the year of the Times story. Few ever saw the IG’s classified report; a public version was 90% redacted.

When the Baltimore Sun broke the story of the Trailblazer fiasco, George W. Bush in 2005 ordered the FBI to track down the leaker. Learning of the whistleblower complaint, the FBI in 2007 raided the homes of Binney and Wiebe — at gunpoint says Binney. Later, the FBI raided the home of Thomas Drake, who had been a senior NSA official also concerned for what seemed to him as illegal spying, and he was found to be the Sun reporter’s source. As we recounted in another piece a year and a half ago about Obama’s campaign against whistleblowers, Drake faced 35 years in prison. The case was so weak that the government settled for a face-saving misdemeanor charge but Drake had been fired, had lost his pension and was ruined financially by legal costs.

This, let us be reminded, was for daring to expose government incompetence and its huge waste of taxpayer money when an inexpensive alternative was already on the shelf.

Before Snowden appeared, we quoted Binney in the 2013 article warning us that the NSA had already captured between 15 and 20 trillion communications, and was preparing to collect on the order of 5,000 exabytes (an exabyte is a 10 with 17 zeroes after it) of data. We had said:

emboldened by the enormous gains in storage technology, the NSA decided not to bother with the filtering protocols that Binney himself had devised when at the agency, but rather to simply collect everything — every e-mail, every cell and landline phone call, every credit card billing record, Facebook post, Twitter tweet and Google search of everyone in the country. To warehouse all the collected data, NSA is building a massive complex in a remote town in Utah named Bluffdale.

What we wrote then about ThinThread, what the four NSA alumni were trying to tell us, and what we only knew then to describe as “data monitoring software” in our May 2012 article is proven to be all of a piece with the huge phone metadata dragnet that Snowden exposed. News organizations, though, do not seem to have connected these same dots. They are reporting the president’s panel recommendation of phone companies retaining their data or feeding them to an independent consortium as a new approach, with no realization of ThinThread.

Were overly extravagant claims made for ThinThread? What would it be required to do? Here are the job specs:

From a remote location anywhere — perhaps a little bunker at Bluffdale, Utah, as opposed to the giant data warehouse the NSA built there — the job, after obtaining a warrant from the always-on FISA court, is to reach into the dataset of the phone company where a target’s account resides to summon all the records of calls; then, using privacy encryption all the way, electronically connect to the datasets of the same and other phone companies holding the accounts — the phone numbers — that the target called; and then continue to hop back and forth to wherever the datasets lead in the phone records tracing the numbers each account in the growing web called in turn.

Can this be done? Just ask Palantir Technologies, a company co-founded by tech-adept Peter Thiel, who founded PayPal and thought its fraud detection capabilities could be leveraged to greater purpose.

A fascinating Bloomberg/BusinessWeek article from 2011 describes Palantir as a company whose “technology essentially solves the Sept. 11 intelligence problem”. Well beyond relatively homogeneous phone records — calling number, date and time, number called, duration — government agencies have myriad databases holding information “each with its own quirks: financial records, DNA samples, sound samples, video clips, maps, floor plans, human intelligence reports from all over the world”. Palantir mines these disparate datasets to find scraps of information associated with a target and assembles them into a coherent story brought together on a screen at a remote location. This is not just a concept in the birthing stages. Palantir by 2011 was a $250 million business with a customer list including the defense department, CIA, FBI, Army, Marines, Air Force, the police departments of New York and Los Angeles, and banks looking to detect fraud.

(After this article was first posted, we chanced on a quote by Thiel, now Palantir's chairman, matching what we say here: "Technology means doing more with less. When it comes to national security this means increasing safely while reducing violations of civil liberty". Thiel is an outspoken libertarian, so we don't regard his words as the usual corporate PR blather.)

NSA could have taken this route. Instead, we have NSA’s crudely indiscriminate collection of total phone data and the uge sum this has cost taxpayers over the years. There never had to be the $1.5 billion complex the NSA just built at Bluffdale, Utah, to warehouse the data.

Will the administration catch on? Gen. Alexander in an interview two months ago he said it may be several years before the United States can develop technology that would make it unnecessary for the government to amass that data in its own storage sites, revealing that even now he is unaware that Palantir-style technology exists to reach into remote data sites and extract only relevant data. And after exhibiting his yawning gap in computer literacy that Obamacare exposed, will the president, too, be blind to recommendation 20?

3 Comments for “NSA in Crosshairs of Court, Congress and Obama Panel”

  1. The programs that he disclosed were generally public knowledge. I remember in my radio shack electronics days, that we used to use tone codes to surf the telephone system, and any electronics geek knew that the government had put in back doors on telephone and computer systems. Russia and China certainly knew. What’s important here is who has been abused and in what manner. If the government hasn’t used it’s legally acquired power in a lawful manner, it must be corrected. If there is egregious violations, then Snowden is a hero and we should support hum. I would if I thought he had uncovered something valuable. I still hope for his sake that he can come up with something. Right now to me it looks like he just went off with classified documents to a foreign government. I mean even Putins remarks show how little Snowden has. If it was something really good, they’d be proud to let him in and rub our noses in our crimes. Whether they were toward Russia or American citizens. If it was against Americans they would be deriding us. Instead he say’s that Snowden can stay if he just shuts his trap up, and stops harming relations between Russia and the US. That’s sad. Snowden is a bomb shell that just fizzles. He’s guilty of breaking his oath and espionage. Legally speaking, those are some of the worst crimes that you can be convicted of. It’s ranked so Hugh because aiding and abetting an enemy or potential enemy can cost many lives. It’s similar to conspiring to commit murder. Whether or not you think the punishment fits the crime is a moot point. The law is the law. He most definitely showed classified documents to foreign nations. He is guilty of that crime. Whether or not Tge revelations about domestic spying can counter this in public opinion is irrelevant. One does not counteract the other. In my eyes he’s a sorry fool who should have just posted it secretly to Wikkileaks. In the long run I feel sorry for him. He threw his life away for no good reason. Deep throat exposed Nixons malfeasance for years and only fairly recently revealed his identity. All of this does illustrate one thing. We have little memory of past events, and how our government works. The Patriot Act was debated and modified in relatively open debate in congress. What Bush originally proposed was hemmed in because it was illegal. It was a contentious debate. How little we pay attention until it affects our emotional brain. Then outrage and indignation sets in. This event is in actuality being played like a fiddle for it’s political value.

  2. Kim Atkinson

    Either his inept management or sheer misguidedness have made Obama a villain in this overarching American security fiasco. Would Obama ever be capable of acknowledging the scale of hypocrisy of his record vs. his campaign promises? He has turned out to be a mirage and as bad as any of our presidents from Reagan onward.

  3. Duncan Smith

    Excellent summary, as always. The story (which I read in detail before) about Thin Thread technology is an amazing technological achievement in an utterly devastating morass of high level government hubris, incompetence, and revenge.

    UGH!

    Happy New Year.

What’s Your View?

Are you the only serious one in your crowd?
No? Then how about recommending us to your serious friends.

Already a subscriber?
We are always seeking new readers. Help this grow by forwarding a link to this page to your address list. Tell them they're missing something if they don't sign up. You'll all have something to talk about together.

Not a suscriber? Sign up and we'll send you email notices when we have new material.
Just click HERE to join.
Are you the only serious one in your crowd?
No? Then how about recommending us to your serious friends.

Already a subscriber?
We are always seeking new readers. Help this grow by forwarding a link to this page to your address list. Tell them they're missing something if they don't sign up. You'll all have something to talk about together.

Not a suscriber? Sign up and we'll send you email notices when we have new material.
Just click HERE to join.
CLICK IMAGE TO GO TO FRONT PAGE,
CLICK TITLES BELOW FOR INDIVIDUAL ARTICLES