Featured Photos


Baseball Hall of Fame - 8/23/11

Featured Video


Avery's QuEST Project - It's Healthy!

House Construction


The Completed Home Renovation


Home Renovation - Complete!


Our House Construction Photoblog

RSS Feed


« | Main | »

More News Cataloging – NSA Call Lists

By Brian | May 11, 2006 | Share on Facebook

I’m sure this is going to become a big deal:

NSA has massive database of Americans’ phone calls

The National Security Agency has been secretly collecting the phone call records of tens of millions of Americans, using data provided by AT&T, Verizon and BellSouth, people with direct knowledge of the arrangement told USA TODAY.

The NSA program reaches into homes and businesses across the nation by amassing information about the calls of ordinary Americans – most of whom aren’t suspected of any crime. This program does not involve the NSA listening to or recording conversations. But the spy agency is using the data to analyze calling patterns in an effort to detect terrorist activity, sources said in separate interviews.

Most people won’t read past the headline. Some will skim the article and walk away thinking, “Bush is wiretapping even more phone calls now.” Folks who read the whole article, particularly the part I’ve quoted above, will walk away confused. They’re “reaching into our homes and businesses” even though we’re “not suspected of a crime,” [dum da dum dum.......DUM!!!!!] but they’re not “listening to or recording our conversations?”

Those who click through and read a few more articles on the subject will learn a bit more (and read “concerned” quotes from just about all 100 of the U.S. Senators). The NSA is looking for patterns in the data. The articles didn’t specify, but I suspect it’s something on the order of large numbers of calls being made to a single phone number, building, or area in a middle eastern country. Or maybe even large numbers of calls made between two citizens who both have made frequent calls to known terrorist trouble spots. That kind of thing.

These are just guesses, of course – I have no way of knowing. But assuming for a second that I’m at least directionally correct, my comment to Jeff Porten’s TIDBits article about the Computers, Freedom, and Privacy conference still applies: this is likely the case of technical capability vs. practical application of that technology.

If they’re looking for patterns, they need lots and lots of data. In this case, they also need phone numbers (source and destination), which is customer-identifying information. But if they take those millions of records and aggregate them to form patterns, they’re not using anyone’s phone number. It’s the aggregation of this data that’s interesting, not the data itself. (Of course, if they find a pattern and determine that it’s probable cause, one would hope they’d seek a warrant before wiretapping a phone).

The fact that with such data, they could accuse Mr. Smith is having an affair with Mr. Johnson’s wife, based on the correlations of late night phone calls to Mrs. Johnson at home and Mr. Smith at work makes for great copy, but isn’t really what’s happened here.

Don’t get me wrong: we absolutely must discuss the potential this creates for abuses of personal privacy. Specifically, we need to find technical solutions that allow the government to take advantage of modern data mining techniques to catch terrorists without exposing its citizens to potential privacy abuses. These issues should, and are, being debated as we speak.

But that’s not the story. The story is instantly tied to the tried & true NSA Wiretapping Story, even as they explain that they’re not the same thing at all. It doesn’t matter – they both contain the words “NSA,” “phone,” “collection” and “secret.” So that’s good enough. Also, the press gets a double-bonus here, because they can also catalog this story with the recent General Who Ran the NSA Wiretapping Program Gets Picked to Run the CIA story, which is also tangentially related at best.

A lot of newspaper and ad time is about to be sold, but we are going to need to dig deep to extract the facts described above. Such is the cost of the “free press.”

UPDATE: Yahoo/USAToday have a handy Q&A-style fact sheet on the issue that is stripped of all spin & hysteria. It even makes a point to distance itself from the NSA Wiretapping story.

Topics: Political Rantings | 10 Comments »

10 Responses to “More News Cataloging – NSA Call Lists”

  1. Jeff Porten says at May 12th, 2006 at 3:35 am :
    Ugh. I just got finished telling people on Scalzi that their heads were rectally inserted for the same assumption you’re making.

    You start from the statement that these databases are massive. You then presume that all of the results are purely aggregate, and you work backwards from your presumption. This is absolutely incorrect. The fact is, the details of the intelligence product from these programs are secret, and the few details you do have are over the objections of the administration.

    Point is, I don’t know for a fact that someone at NSA can type “Jeff Porten” into a database and get my phone calls. You don’t know for a fact that they can’t. The evidence is that they’ve put together sufficient technology to do either.

    You’re welcome to swing by my post and post your answer to my question: “an open question to anyone in the “nothing to hide” community who’s stopping by this week. Where’s your line? How do your Fourth Amendment rights protect you? If you’re not disturbed about your phone calls, how about your emails? Private documents? What doesn’t the government have the right to know about you?”

  2. Brian says at May 12th, 2006 at 5:31 pm :
    Ya know, I knew you’d say that, so I took an extra paragraph to explicitly state that I’m not arguing the privacy concern here.

    I’m also not assuming they can’t search for “Jeff Porten.”. If anything, I’m assuming that they can, but drawing the (I think) logical conclusion that doing so isn’t nearly as interesting as the aggregate searching capabilities that such a massive database provides them.

    We need new laws in this area. Simply interpreting the current law to prevent the worst-case scenario is not only unnecessary, but could be downright dangerous in the event that there are “dots” to “connect.”

    As for your last comment, I truly have no idea how you read my post and decided I was in the “nothjing to hide” crowd. Unless you had formed that opinion of me coming in…

  3. Jeff Porten says at May 15th, 2006 at 3:59 pm :
    doing so isn’t nearly as interesting as the aggregate searching capabilities that such a massive database provides them.

    Which is great so long as no American has any curious friends, enemies, or ex-girlfriends in the government or its contractors. That’s before we discuss whether such a system would be eventually hacked.

    We need new laws in this area. Simply interpreting the current law to prevent the worst-case scenario is not only unnecessary, but could be downright dangerous in the event that there are “dots” to “connect.”

    No, I don’t think we do (need new laws). Terrorism is not new, and other countries have long had anti-terrorism programs without tracking every citizen’s every action. I actually am in favor of some aggregate data programs — because sometimes you can spot a pattern that you otherwise wouldn’t see. But then you go back to traditional law-enforcement techniques, which lest we forget, were refined over 200 years to protect both the rights of the individual *and* the due process of the government.

    I truly have no idea how you read my post and decided I was in the “nothjing to hide” crowd.

    Probably from interpolating, extrapolating, and misremembering previous conversations. Even I’m hazy on how I get to my conclusions.

  4. Brian says at May 15th, 2006 at 5:53 pm :
    I actually am in favor of some aggregate data programs — because sometimes you can spot a pattern that you otherwise wouldn’t see. But then you go back to traditional law-enforcement techniques, which lest we forget, were refined over 200 years to protect both the rights of the individual *and* the due process of the government.

    GAH! So traditional law-enforcement techniques that aggregate data in search of patterns aren’t “tracking every citizen’s every action,” but new programs are?

    Don’t go trying to convince me you’re a Luddite now – it won’t work.

    The new laws I referred to were not to address terrorism. They are to address our new technical capabilities and how we utilize those to solve old problems (like terrorism) better without throwing away our civil rights.

    other countries have long had anti-terrorism programs without tracking every citizen’s every action

    Ya know, when I went to college and brought my Apple II+, my dad said, “Why do you need a computer in your dorm room? Thousands of kids went all the way through college without one…”

    So here’s my question for you: If other countries jumped off the Brooklyn Bridge, would you do it to? ;-)

  5. Jeff Porten says at May 17th, 2006 at 11:57 pm :
    Traditional law enforcement techniques that aggregate data have typically gone through that whole quaint “rule of law” Constitutional test. You know, with warrants and judges and oversight, stuff like that. You’re right if you assume that I’m inherently opposed to vacuum-cleaner approaches that track everyone, but that’s not the argument I’m making here — the argument I’m making is that this is illegal, and that the people running it kept it secret because they knew it was illegal and wouldn’t survive sunlight.

    Re “new technical capabilities”, I heard a podcast today that pointed out that FISA was written partially in reponse to Project Shamrock, the NSA program that wiretapped all international telegrams. So it’s facetious (a nice way to say “wrong”) that current telecommunications issues are brand-new. I’ll link this later on my blog — Google for The World Tech Podcast #79 in the meantime if you like.

    As for what other countries do, yes, I do think it’s instructive when peer societies universally reject something, and we don’t. America has always had a myth of exceptionalism, which is dangerous; societies that historically believed that they were destined to be exception were left in the dustbin of history. The trick is to *be* exceptional. Again, if you’re interested, Google “America the Titanic”, an essay I read on the IHT today.

  6. Brian says at May 18th, 2006 at 5:56 pm :
    the argument I’m making is that this is illegal, and that the people running it kept it secret because they knew it was illegal and wouldn’t survive sunlight.

    Ah yes – guilty until proven innocent. I forgot. Sorry…

    FISA was written partially in reponse to Project Shamrock, the NSA program that wiretapped all international telegrams. So it’s facetious (a nice way to say “wrong”) that current telecommunications issues are brand-new.

    Right. ‘Cause if you tapped someone’s telegram, they’d likely find out about it & switch telegram machines (on both ends of the transmission) within a couple of hours. Please…are we really going to argue about whether technology had advanced enough since World War II to create new law enforcement & privacy challenges?

    I do think it’s instructive when peer societies universally reject something, and we don’t.

    Most countries treat women as second class citizens. Many countries (although probably not most) throw you in jail for saying 80% of what we’ve both written in our blogs. Some countries chop off your hand if you steal a loaf of bread. Which of these choices is instructive?

    On the other side, we thought we were being exceptional in 1776 when we declared those inalienable rights. And again in 1969 when we invented a global, peer-to-peer computer network.

    We’ve fallen on our faces too (remember the Pet Rock? ), but again…are we really going to argue that “everyone else has failed” is a good reason not to try? What ever happened to pushing the envelope?

  7. Jeff Porten says at May 21st, 2006 at 3:23 pm :
    guilty until proven innocent. I forgot.

    Their actions broke the FISA law, at the very least, and their sole legal defense is that Congressional authorization somehow gave them the right to break any law they chose. That’s a proposition I’d like to see tested in court. Of course, if they had their way, the whole thing would have remained secret and hence wouldn’t ever have gone to court. That doesn’t strike you as the actions of someone who knows he’s breaking the law?

    ‘Cause if you tapped someone’s telegram, they’d likely find out about it & switch telegram machines (on both ends of the transmission) within a couple of hours.

    Sometimes I wonder if you have thought this data mining thing through. Which I know you have, so statements like this are infuriating. Shamrock would have picked up the second telegram, and the third, etc., because it picked up all the telegram traffic from cooperating vendors. You wouldn’t switch machines or networks, you’d switch ciphers in the hopes of evading the mining net. Which, incidentally, is an equally good tactic against ECHELON, which continues to do the same thing. We don’t know what would and would not work against the NSA program, nor do we know what innocent people might do to attract attention.

    are we really going to argue about whether technology had advanced enough since World War II to create new law enforcement & privacy challenges?

    Of course not. We’re arguing whether the response of “monitor all of it” is rational, legal, sane, or American. Are you going to argue that by posing that question, yours is the only allowable programmatic response?

    Most countries treat women as second class citizens….

    Peer societies, Brian. Think Scotland, not Saudi Arabia. I look to Canada as a mirror, not Cairo.

    but again…are we really going to argue that “everyone else has failed” is a good reason not to try? What ever happened to pushing the envelope?

    Depends on the things we’re trying. Massive eavesdropping, extraordinary rendition, torture, imprisonment without trial, government secrecy, willful disregard of Congress — I think the envelope is well and truly pushed. I don’t think that anyone is arguing that we don’t have the capability to implement a technofascist state, so why prove it?

    It’s worth noting — the implicit argument you’re making is “let’s do it to stop the terrorists”. That’s not a given, and I’m sure you’ve heard the arguments for why not. I’m letting that pass because even if it works, my arguments are still valid.

  8. Brian says at May 22nd, 2006 at 10:23 am :
    That doesn’t strike you as the actions of someone who knows he’s breaking the law?

    I’m not arguing that it’s legal. I agree that it’s probably not. I’m just pointing out that the above statement, if made about a guy on the street who ran from the police, or a guy who pled the 5th ammendment in court, or a guy who refused to have his property searched, would infuriate you to no end.

    We’re arguing whether the response of “monitor all of it” is rational, legal, sane, or American. Are you going to argue that by posing that question, yours is the only allowable programmatic response?

    Obviously, mine is not the only allowable response. What the heck do I know, really? All I’m saying is it’s a little disengenuous to call data mining “monitoring it all.” If you’re looking for trends in data, you’re best off with a random sample. And there’s nothing more random than the entire population.

    Whether it works or not is a separate discussion, although I’m making the point even if it doesn’t work, the best way to improve it’s success is to try. That’s been true since God was a little boy…

    It’s worth noting — the implicit argument you’re making is “let’s do it to stop the terrorists”.

    Nope – never said that, never meant it. As I’ve blogged since, we’ve had this conversation about at least three unrelated topics now – airport security, search engine results, and call monitoring. “Why” is not at issue here…

  9. Jeff Porten says at May 24th, 2006 at 7:48 pm :
    I’m just pointing out that the above statement, if made about a guy on the street who ran from the police, or a guy who pled the 5th ammendment in court, or a guy who refused to have his property searched, would infuriate you to no end.

    Sorry, I am getting so sick of this argument. Governments and individuals are held to different standards. Individuals cannot invade a country, take away part of your income, or put a criminal to death. The laws governing individual rights and governing the actions of a government are not commutative or analogous.

    Apparently this is worth repeating — under the American system of government, individuals have rights. The government has none. The government solely has the powers that are given to it by the people.

    If you’re looking for trends in data, you’re best off with a random sample. And there’s nothing more random than the entire population.

    You and I both know that if you’re talking about the entire population, you’re no longer talking about a sample. And yes, perhaps there is a debate to be had about whether we should modify individual rights to allow the government to do random sampling, using transparent methods of aggregation and reporting, with appropriate oversight. However, this is not the program that we are discussing; this is a completely different Gedankenexperiment which solely serves to muddy up the discussion of the program already, and (we are apparently agreed) illegally in place.

    So let me get this straight — you think this is “probably” illegal, but it’s still okay? You do realize that with that as your standard, the government can do damn near anything it likes?

    [A]lthough I’m making the point even if it doesn’t work, the best way to improve it’s success is to try. That’s been true since God was a little boy…

    And we have rules in place for things the government isn’t allowed to try. Your “give it a shot” theory would also have been sufficient justification for Japanese internment — I presume you’re against that as a workable option?

    As I’ve blogged since, we’ve had this conversation about at least three unrelated topics now – airport security, search engine results, and call monitoring. “Why” is not at issue here…

    Of course it is. You put programs in place in order to achieve a security outcome, and if the outcome falls short, then for God’s sake the program is indefensible. Do you also support spending billions on Star Wars? Billions for tactical nukes? Abstinence-only education? Or do you say, “Gee, these things don’t work, perhaps it’s not a good idea.” Please don’t tell me I’m giving you too much credit here.

  10. Brian says at May 25th, 2006 at 12:24 pm :
    This thread and this one have basically converged, so let’s shut this one off & move over to the other one, OK?

Comments

Comments will be sent to the moderation queue.