An anonymous coward suggested above that there are two fundamental alternatives in the context of signals surveillance:
"1) Monitor everyone (or try to)
2) Target the surveillance, legally."
A question that has occurred to me from time to time is this: In an environment in which a very large amount of communication occurs within the internet infrastructure, is there an operational definition of (2) that would distinguish it from (1)? Put differently, is it possible to accomplish the second without also effectively configuring for and to a very large degree doing the first?
For example, if the FBI has a warrant issued by a US court in, say, Manhattan, that gives them the authority to target the communication of a US national thought to be planning a terrorist attack in, say, Washington, DC, how much communication traffic will they need to access, examine (programmatically or by hand), and filter to track the individual's cell phone, email, and land line communications if he or she is in the United States? If a targeted person travels to the West coast or abroad, how much additional traffic will need to be examined and filtered to attain the goals of the warrant? If a few hundreds or thousands of such individual targets are subject to collection, for the sake of argument all based on properly justified and issued warrants, the required collection and filtering structure is likely to begin to resemble XKEYSCORE and related downstream analytic programs. What if it is, in addition, a collaborative arrangement built up to support similar warrant execution requirements levied on the other Five Eyes agencies by their governments and designed to adapt to a set of targets that varies over time?
Terrorism surveillance, however, is not the only and probably not the largest goal of the signals intelligence agencies. We know, or certainly should, that foreign intelligence agencies seek a wide variety of information about many subjects of interest in formulating foreign and military policy, and that they target officials of foreign governments with little restraint to obtain it. They do so by various means that include electronic and other eavesdropping that are legal according to the laws under which they operate, although often quite illegal under the laws of the targeted country. The methods, procedures, and technical arrangements used for foreign intelligence electronic data collection are essentially indistinguishable from those used for execution of warrants against individuals.
I won't argue about whether such activities are morally correct, a question about which there is an enormous range of opinion when it gets down to details; under the laws of the country that does them, however, they probably are legal. My point is that either of the basic alternatives described seems to lead to the same result: a capability to gain access to a large part of the internet data stream together with processes to filter and select the data of interest out of it.
Biting the hand that feeds IT
