I have no issue with the NSA monitoring traffic that the legal system has deemed they can capture. No secret courts are required. Courts can seal records and issue warrants without the recipient(s) knowing. Until the EFF, ACLU and the likes can perform their own review of the NSA program, how can you trust anything that the NSA has said or what they will say in the future? Much like the government couldn't prove backdoors in Huawei gear, but given that they used Huawei couldn't prove otherwise, maybe we should use the same system to the NSA and any government program? If the NSA has done nothing wrong, then they have nothing to hide and should be welcome to an independent review that will clear them, right?
The US's National Security Agency (NSA) has issued a document titled The National Security Agency: Missions, Authorities, Oversight and Partnerships (PDF) that explains some of its operations - and includes a claim it “... touches about 1.6 per cent ...” of daily internet traffic and “... only 0.025 per cent is actually selected …
Monday 12th August 2013 06:08 GMT Anonymous Coward
While I am against things such as the UK's Snoopers Charter, or any system that monitors ALL internet traffic & communication, I am fully in favour of targeted intercepts, and if that means they need infrastructures in place to intercept, fine, as long as it takes a court order to do so, AND it is only used for serious crime i.e. Murder, People Trafficking, Drug Smuggling... Anyone using these powers to catch a minor criminal should be punished severely...
As soon as you take away judicial oversight of interception, you pave the way for 1984, where the thought police abound... Although right now the thought police already are moving upon us, as soon as they criminalised pseudo-images, they became thought police...
Monday 12th August 2013 10:04 GMT Alan Brown
Monday 12th August 2013 12:14 GMT Ant Evans
Department of Information Retrieval
The interesting question for me is not what the NSA is *trying* to do, but what is in fact possible.
The chances that they or any other body can deliver value for money on this technologically ignorant and pork-laden political wild goose chase approach 0.025% of 1.6%. There are no obvious incentives to apply an economic rationale. Even if there were, failure and success are both secret.
The NSA effort is politically inspired, but not politically accountable. It creates special interest groups that can use both secret failure and secret success to appropriate more resources.
It's sheer genius. It's the perfect scam. All that's missing is to charge the victims for their own interrogation.
Monday 12th August 2013 10:14 GMT Anonymous Coward
Monday 12th August 2013 19:32 GMT tom dial
Re: Finding the targets?
Unpleasant it is, but NSA developed *one* way (there surely are others) of finding *some* targets. With all the indignant commentary, I have seen no suggestion of an alternative that allows both potential advance warning and going back for a short period after a missed event (NSA says 30 days, I think, for most retained data).
Monday 12th August 2013 06:42 GMT LarsG
Monday 12th August 2013 10:03 GMT Psyx
"the Internet carries 1,826 Petabytes of information per day."
Much of which is duplicated en masse due to being -say- on the BBC news site, much of which is porn, much of which is Beyonce videos on YouTube. By the time you cull out all of that heavy-bandwidth traffic and mass publications, I suspect that the entire world's email and messaging is somewhat close to that 1.6% figure.
So basically it's a mis-used statistic that's intended as a publicity sop.
Monday 12th August 2013 15:00 GMT DrGoon
I wouldn't discount the porn or the Beyonce videos, only their duplicates. When any new video or image is uploaded, that is 'touched by the hand of NSA' but when it is downloaded, only the TCP headers (or 'metadata') are kept. Those are freebies and don't count towards the 'data' total. The 1,826 Petabytes of information consists largely of duplicate client requests for previously 'touched' data. The NSA likely only needs to 'touch' 29 Petabytes in order to capture everything - every header, every porn file, every mundane image upload on every image sharing site as well as the more savory web pages, emails, spam (just one copy of each) and all. The only duplicates that the NSA are collecting in their 29 Petabyte Total Internet Trawl are the files that they were unable to determine were duplicates at the time of interception.
Anything that the NSA don't have from the Internet remains uncollected only as the result of an error, and that will be fixed and collected at a later date.
Monday 12th August 2013 06:59 GMT Schultz
Trust me, I have nothing to hide...
and that's why I only give you selected statistics and half-truths.
The whole existence of the NSA is based on the concept of undercover surveillance. Turns out the people are a bit scared about undercover surveillance and prefer an open, democratic society. No spin will resolve that multi-billion-dollar dilemma.
Monday 12th August 2013 00:40 GMT xerocred
Monday 12th August 2013 00:48 GMT Anonymous Coward
You wouldn't even need to capture the headers. The courts have already ruled that the headers are fair game. Your ISP has full right to that information, the payload they do not. The reason the NSA doesn't need to collect the headers is that there is a far easier way: NetFlow/IPFIX. The ISPs already have tools to collect this and virtually all the devices they use support it in hardware. You can have multiple destinations or they could have their collector also forward it to additional destinations. This would give the NSA all the data they need and not actually have to install a lot of collectors like they would to collect headers. That would require the use of taps or SPAN/Monitor sessions on the ISP's gear. NetFlow/IPFIX is far cheaper and easier to implement. With many devices you just cannot send headers, so the collector would need to discard the rest of the packet.
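To make the comparison in the NetFlow/IPFIX comment above concrete, here is an added example (not part of the original thread and not written by any of its commenters) that parses a NetFlow v5 export datagram. The sample datagram, its documentation-range addresses and its counters are constructed; it shows that each flow is exported as a fixed 48-byte record of header-derived metadata, whatever the size of the flow, with no payload.

```python
import ipaddress
import struct

# NetFlow v5 layout: 24-byte header followed by `count` fixed 48-byte records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")
PROTO = {1: "icmp", 6: "tcp", 17: "udp"}


def parse_netflow_v5(datagram):
    """Return one dict per flow record; raise ValueError on malformed input."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    version, count, *_ = HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field = {version})")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match the record count in the header")
    flows = []
    for i in range(count):
        (src, dst, _nexthop, _in_if, _out_if, pkts, octets, first, last,
         sport, dport, flags, proto, _tos, _src_as, _dst_as, _smask,
         _dmask) = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)),
            "sport": sport,
            "dport": dport,
            "proto": PROTO.get(proto, str(proto)),
            "tcp_flags": flags,          # cumulative OR of flags seen in the flow
            "packets": pkts,
            "octets": octets,            # byte count only; no payload is exported
            "duration_ms": last - first,  # router uptime at last and first packet
        })
    return flows


def _pack_flow(src, dst, pkts, octets, sport, dport, flags, proto):
    """Build one constructed 48-byte record for the sample below."""
    return RECORD.pack(
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
        bytes(4), 0, 0, pkts, octets, 1000, 61000,
        sport, dport, flags, proto, 0, 0, 0, 0, 0)


# Constructed sample: one large HTTPS flow and one small DNS lookup.
SAMPLE = (
    HEADER.pack(5, 2, 600000, 1376265600, 0, 1, 0, 0, 0)
    + _pack_flow("192.0.2.10", "198.51.100.25", 1200, 1_500_000, 51512, 443, 0x1B, 6)
    + _pack_flow("192.0.2.10", "203.0.113.5", 2, 150, 40000, 53, 0, 17)
)

if __name__ == "__main__":
    for flow in parse_netflow_v5(SAMPLE):
        print(flow)
    print("datagram size:", len(SAMPLE), "bytes for",
          sum(f["octets"] for f in parse_netflow_v5(SAMPLE)), "bytes of traffic")
```

IPFIX carries the same kind of metadata but is template-based, so it needs a different parser than the fixed v5 layout used here.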
Monday 12th August 2013 12:37 GMT big_D
Monday 12th August 2013 00:43 GMT Nate Amsden
Monday 12th August 2013 00:50 GMT Joseph Lord
Monday 12th August 2013 01:48 GMT Andrew Jones 2
Monday 12th August 2013 03:25 GMT the spectacularly refined chap
Re: 1.6% could probably include all the email and…
The figure that grabbed my attention isn't the 1.6% but the 0.025% which looks a lot more significant to me - that means that 1.56% of the traffic they receive is put through additional analysis. Filter out the video, spam, advertising, p2p, and porn and you must be up to 10% of everything else. In other words, anything remotely interesting. That could be you talking to your boyfriend about coming out as gay or your strategy in tendering for that multi-million pound contract against the US Megacorp.
This isn't about terrorism or targeted surveillance of specific subjects of interest: their own figures and a little common sense show this is a blanket trawl of any juicy tidbits.
Monday 12th August 2013 06:11 GMT John Smith 19
Re: 1.6% could probably include all the email and…
"This isn't about terrorism or targeted surveillance of specific subjects of interest: their own figures and a little common sense show this is a blanket trawl of any juicy tidbits."
And remember the rest can always be archived for later "review" should you become a person they have become interested in.
Monday 12th August 2013 02:16 GMT Anonymous Coward
1.6% and they want to cut jobs...ok.
2,000,000,000 billion internet users, and they are watching 1.6%...?
2,000,000,000 * .16 = 320,000,000
With 320mil possible reviews, is cutting jobs sane? If one person could invalidate/validate 100 a day per (and that's a lot), that would mean it would take 3,200,000 people to review them all in 1 day. Or 3,200 people in 1000 days.
I'm bringing up these goofy numbers because the review process is supposed to stop terrorism (supposedly). With these type of numbers, how could they ever stop an attack on time? If the NSA gets a lead on a terrorist attack, then the attack would basically have to take place 2+ years in the future for them to stop it, or else the lengthy review process won't stop the attack.
So are they sure they aren't doing something else with the data?
Monday 12th August 2013 10:32 GMT Vociferous
Re: 1.6% and they want to cut jobs...ok.
By "touching" they almost certainly mean automated scans for names, phrases, flagged addresses, and suspicious activity like exchanges of encrypted mails (WHAT ARE YOU HIDING, CITIZEN?). It's been common knowledge that this has been done since at least the 90's. That doesn't take any people at all, but is a big part of the reason the NSA has as big server parks as Google.
By "reviewing" they mean that the stuff the automated scans have flagged are checked by an analyst. Nearly all the flags will be clearly innocuous, and each of the several thousand analysts can probably process several flags per minute. A very *very* small percentage will receive closer investigation.
Monday 12th August 2013 12:20 GMT Phil W
Monday 12th August 2013 02:35 GMT Anonymous Coward
Prior to Snowden spilling the beans the NSA lied to Congress about its activities, then further lied about the extent of surveillance until further releases caught them out again; the use of one-sided secret courts and gag orders pisses on just about every principle of accountability and oversight I've ever heard of.
You could pick any of a number of US denunciations of the Soviet Union and satellites from the 50's to the end of communism and they'd fit the NSA's core business nicely, yet we're supposed to trust them because this is some kind of 'good' spying on your own citizens.
Now, on an almost weekly basis we get an endless stream of hot air filled with facts and figures justifying this State Surveillance for how little is really done and how many bad people it's stopped - facts that cannot be checked or verified. Given the lack of real information offered, if it was all so bloody benign, why wasn't it simply revealed before?
I'd be amazed if there was anyone outside politics stupid enough not to see the NSA's fluffy facts and soft soap for what it is - the authors of the constitution saw these people coming, and they've been dead for two centuries. Rather than PR untruths, maybe they'd be better off spending the time penning their statements for the Truth and Reconciliation Commission I sincerely hope they'll be facing one day.
Monday 12th August 2013 04:06 GMT An0n C0w4rd
Re: Why bother?
An interesting comment I saw buried deep in an article, I think on the Washington Post, is that members of the Intelligence Oversight committees gave up trying to get the Patriot Act amended for one very simple reason: they couldn't discuss the reasons for wanting the amendment as it relied on compartmentalised information. It's very hard to make a coherent argument for changing a law when you can't tell the people who will vote on the proposal why the amendment is needed.
The committee members have to read their intelligence briefings in a secure room and can't take any of the data out of that room.
All the committee does is ask questions (as I understand it they have no real authority to change anything without a vote of the full house), which makes the entire oversight process a waste of time. The only real effect of the oversight committee is that the electorate probably think that the committee is there to stop abuse of power. i.e. yet more security theatre.
Monday 12th August 2013 19:47 GMT tom dial
Re: Why bother?
After reading the WP article I concluded that the Senators' and Representatives' comments, including Mr. Wyden's, were mostly self-serving CYA. Almost all of them were lawyers and all have access to lawyers capable of analyzing the effect of law changes that were not at all secret since they became part of the USC. The oversight committee members are not required to vote out a bill they have reservations about any more than they were to approve and repeatedly fund the Iraq war.
Sen. Dianne Feinstein may say things that now are politically quite incorrect, but she is at least honest about this.
Monday 12th August 2013 03:55 GMT Yet Another Anonymous coward
Means any company that might be tendering for a US contract, any that might compete with a US company or any that make sales in the US and the IRS might like to take a look at.
Imagine how useful it would be for the inland revenue to have all Starbucks internal discussions with their tax lawyers (well not at all of course because they are a US company and so the UK government will roll over like good little puppets.)
Monday 12th August 2013 03:58 GMT An0n C0w4rd
Lies, damned lies, and statistics
Assumption: the NSA does most of its gathering on data that transits US soil, since most data is sent via oceanic fibre it can't be sniffed off satellites or radio (yes, I'm deliberately discounting the assertion Snowden made that they've spliced beam splitters into Chinese fibres)
The obvious conclusion from that assumption is that they're probably very deliberately using a very large figure (total global Internet traffic) and figuring out what percentage of that is caught in their sniffers.
A more relevant statistic is probably the percentage of USA traffic that they capture. I suspect it's quite a bit higher than the 1.6% from their publication.
Monday 12th August 2013 07:06 GMT Marketing Hack
Re: Lies, damned lies, and statistics
If you read the NSA white paper, you will see that they mention 30 countries that they have information sharing with, so think in terms of pretty much everyone in NATO, plus Japan, Korea, the Philippines, Singapore, Australia and New Zealand being part of the system.
And yes, given what has been declassified about Cold War taps placed on Russian undersea cables, expect that the NSA has splitters on most of the cables that come into China from the Pacific.
Monday 12th August 2013 04:31 GMT amanfromMars 1
What Spooky Type NSA In PhormdD Information Systems are not clearly telling you at present*
EMPowering Command and Remote Virtual Control of IT, without Leading Media Mogul Maintenance and Compliant Explicit and Implicit Complicit Participation, is the NEUKlearer Great IntelAIgents Game and Alternate Virtual Reality for Engaging SMARTR Futures and Derivative Markets Players. ........ and not at all a Trivial Heavenly Pursuit, for ITs Rewards are Bonded Boundless Bounty and an Absolute Dream of a Nightmare to Oppose and Seek to Destroy and Disrupt.
*And why would you think that they ever would need to share such intelligence services with you, should you find it so easy to disbelieve and dismiss the notion and its programming to allow ITs Beta Players free rein and dominion in all domains entered and accessed.
And what would think you could possibly do, which would have any discernible disruptive or positive effect upon pre-programmed outcome, if you were advised such is a SecuredD IntelAIgent Stealth and Advanced Active Astute Autonomy Program floated by GCHQ and CESG for Markets Capture and Capitalisation/Virtual Realisation and Monetisation ..... Price Fixing? And/Or would you fully expect it to be plausibly denied by systems heads/incumbent controllers/anonymous spokespersons fully briefed to speak on the cloudy matter and CHAOS** for their service ....... or if you prefer, fully debriefed to speak on the cloudy matter for CHAOS in their service.
Methinks though, whenever something is so powerful as to be invaluable, is that fixing markets price exercise really pointless and only necessary to stop the Markets Games from collapsing in on itself with mass realisation of its artificial core purpose and the abusive use for personal profiteering which its misuse by right ignorant and arrogant dodgy traders results in.
**Clouds Hosting Advanced Operating Systems
Monday 12th August 2013 05:07 GMT amanfromMars 1
Re: What Spooky Type NSA In PhormdD Information Systems are not clearly telling you at present*
And what you may have to consider is the real truth as shared by Adam Curtis [of BBC documentary fame] ……
BUGGER… maybe the real state secret is that spies aren't very good at their jobs and don't know very much about the world….. and how it is worked and IT works it. ……. http://www.bbc.co.uk/blogs/adamcurtis/posts/BUGGER
Which then would present one with, when one is exceptionally good at what one does and makes one a person of interest, an ab fab fabless opportunity to provide states with that which they need to counteract what they be missing.
Monday 12th August 2013 06:15 GMT John Smith 19
"We'd like to spy on more of you more often, but we just don't have the facilities to do that in real time. Good thing we have lots of backup capacity so if any of you step out of line we can just do a quick restore and see what your history says about you. Trust us, we're here for your safety."
Somehow I find myself strangely unconvinced.
Monday 12th August 2013 08:38 GMT ascasc
But most Internet traffic by volume can be eliminated easily...
E.g. in Canada 1/3 of all evening Internet traffic is Netflix, which the NSA wouldn't care about. Ditto for most video streaming (oh user pulled a Justin Bieber video, who cares). So that 1.6% of traffic of everything is probably a significant chunk of the actual Internet traffic that is interesting (email, VOIP, instant messaging, etc.).
Monday 12th August 2013 08:54 GMT Anonymous Coward
I talked to a man who works for the NSA
he said, "this whole privacy thing is like a pendulum, it swings one way (TBL WWW 1989) then it swings another way (NSA/GCHQ 2013)"
The problem that I see - is that the pendulum of privacy is not guaranteed to ever swing back in the direction of 'free & private correspondence' - In Germany, who have their election in just a few weeks, they are already lining-up people to fire as 'responsible' for the BND/etc/NSA co-operation. (Steinmeier?)
In practice, all EU governments (interior ministries, justice departments) signed up to the post-echelon PRISM system quite some time ago. If I can take all you honorable (and the dishonorable lurkers) back to 1995
this was the writing on the wall
"Memorandum of Understanding on the Legal Interception of Telecommunications
The "Memorandum of understanding with third countries" (later described as the "Memorandum of Understanding on the Legal Interception of Telecommunications") was discussed at the EU K4 Committee in November 1994. The significance of the "Memorandum" is that it extends the agreement on the surveillance of telecommunications to non-EU countries who are being invited to adopt it - and with it the "International User Requirements".
The Memorandum of Understanding was signed by the 15 EU Member States on 23 November 1995 at the meeting of the EU Council of Justice and Home Affairs Ministers
The contact addresses for signatory countries and for further information, which confirms the EU-USA link, should be sent to:
"a) Director Federal Bureau of Investigation,
Attention: Information Resource Division,
10 Pennsylvania Avenue, N.W.,
Washington D.C. 20535
b) General Secretary of the Council of the European Union,
FAO The President,
Rue de la Loi 175,
The number of signatories to the "Memorandum" was open-ended, any country can join providing the existing member states agree. It invites "participants" because "the possibilities for intercepting telecommunications are becoming increasingly threatened" and there is a need to introduce "international interception standards" and "norms for the telecommunications industry for carrying out interception orders" in order to "fight organised crime and for the protection of national security."
The strategy appears to be to first get the "Western world" (EU, US plus allies) to agree "norms" and "procedures" and then to sell these products to Third World countries - who even if they do not agree to "interception orders" will find their telecommunications monitored by ECHELON the minute it hit the airwaves.
Source: "Memorandum of Understanding concerning the lawful interception of telecommunications", ENFOPOL 112, 10037/95, Limite, Brussels, 25.11.95
"not a significant document"<<<<<<<-----------------------WOW!
- the Home Secretary
The Chair of the Select Committee on the European Communities in the House of Lords, Lord Tordoff, took up the "Memorandum" with the Home Secretary, Michael Howard, in an exchange of letters on the Committee's access to documents for scrutiny.
On the subject of the "Memorandum of Understanding on the Legal Interception of Telecommunications" Mr Howard told Lord Tordoff:
"The Memorandum of Understanding is a set of practical guidelines to third countries on the lawful interception of telecommunications. It is not a significant document and does not, therefore, appear to meet the criteria for Parliamentary scrutiny of Title VI documents."
It is quite clear from this Briefing that the "Memorandum" is not an insignificant document concerning as it does a EU-US plan for global telecommunications surveillance.
The "Memorandum" itself is just two pages. It is the full text of the "Resolution" attached to it which demonstrates its full meaning.
However, not only did Mr Howard not think the "Memorandum" was "a significant document" he also apparently believes the attached Resolution also insignificant as he allegedly did not submit it to the House of Lords Committee for scrutiny prior to its adoption in January 1995 or thereafter.
Source: Correspondence with Ministers, 9th Session 1995-96, HL 74, pages 26-29.
Letter to international standards bodies
In December 1995 COREPER agreed a letter to be sent out to "international standardisation bodies in the field of telecommunications" (IEC, ISO and ITU) also ETSI. The letter said:
"Modern telecommunications systems present the risk of not permitting the lawful interception of telecommunications if they have not been adapted, at the standardisation and design stage, to allow such interception."
These bodies are "invited" to take account of the requirements of the Council Resolution of 17 January 1995 and told that Member States would be applying "these requirements to network operators and providers of services".
The December 1995 letter to international standards bodies and the publication of the main Resolution in November 1996 in the Official Journal announced to manufacturers of equipment and service providers that they will be expected to meet the "Requirements" allowing surveillance for any new contracts within the EU and via the "Memorandum" that these standards would also apply to any countries signing up to it - for example, the USA.
Source: "Draft letter to be sent to the international standardisation bodies concerning the Council Resolution of 17 January 1995 on the lawful interception of communications", Council General Secretariat to COREPER/COUNCIL, ENFOPOL 166, 12798/95, Limite, 14.12.95."
sorry for that long chunk of 'not significant documents' thanks to Statewatch & cryptome for hosting some of the sources - the MOU & attachments “ENFOPOL 112 file number 10037/95” has not yet been found online.
of course, all the above 'subversion' of the internet was done in the best possible taste, only the FBI is mentioned - but Snowden showed that the 'FBI' data goes straight to 'NSA' - and then perhaps some of it is returned to the 'FBI' for the purposes that it was nominally acquired for?
Monday 12th August 2013 09:00 GMT codejunky
They missed a bit
“This self-reporting is part of the culture and fabric of NSA,” the document continues. “If NSA is not acting in accordance with law, policy, or procedure, NSA will report through its internal and external intelligence oversight channels, conduct reviews to understand the root cause, and make appropriate adjustments to constantly improve.”
They should have finished with the word 'honest'. We all know that makes them sound more believable.... honest