NSA Chose Invasive Phone Analysis Option 307
Encrypted Anonymous Coward writes "The Baltimore Sun reveals the existence of an interesting experimental NSA program codenamed ThinThread from the late 90`s. The program involved link analysis of traffic data, with a twist; The phone numbers from the U.S. would only be analyzed in an encrypted form. This way the analysis would potentially be possible under existing privacy laws, according to the people behind the program. The NSA could gather further unencrypted details if there was evidence of a threat. Political infighting seems to have dropped an interesting and respectful program from the books."
Privacy Issues (Score:5, Insightful)
Anonimity isn't really privacy. When I say "I love you" or "I'm going to kill you" I want to know it's ME saying THAT to THAT PERSON who is meant to receive it, and to no one else. I don't wanna be an anonymous coward sending my thoughts over to the NSA and get busted because they can look up my IP if I've been a bad boy...
NSA track record (Score:3, Insightful)
Re:Data is Data (Score:2, Insightful)
Yep, kind of what I was thinking. I imagine a sufficiently experienced/intelligent/devious operator would only have to perform one or two further sub-queries on that hashed information in order to find personally identifying information ... and from there get the info that was encrypted via public sources, if necessary. How do you protect against this kind of (mis)use?
Right. (Score:4, Insightful)
The jolly, candy-like button...
Re:Privacy Issues (Score:4, Insightful)
However, people demand security. Often security and privacy conflict with one another and we as a society need to decide where that line needs to be drawn. If we don't want the government to look over our shoulders, then we can't bitch when they didn't see something coming.
Trust not (Score:5, Insightful)
Says who? The NSA?
Who defines what a potential threat is? A judge of the court, or some bureaucrats in the NSA?
Why would we trust an agaency known to play games with the law to have access to this data? A layer of separation (the encryption) doesn't change the fact that the data is still there for misuse. Just because it's harder to tie to an individual doesn't mean it can be misused.
All the encryption does is make it harder for a rogue/spy to get access to actual phone numbers. Systemic abuse or misuse of the data is not prevented at all. And frankly, systemic abuse/misuse frightens me much more than one person being able to misuse the data.
Still tracable (Score:3, Insightful)
Re:NSA track record (Score:3, Insightful)
If you think it's more likely that the records are going to be stolen from the NSA than from your phone company, you're probably vastly overestimating the security and hiring practices at the phone company.
Re:Privacy Issues (Score:5, Insightful)
Uh...what about the fourth amendment?
I would consider monitoring my phone calls to be an unreasonable search, without probable cause.
Okay, have we caught anyone? (Score:3, Insightful)
It would just be nice to know for ONCE the consequences of the actions other than reading about how ordinary people can be spied upon by their Government.
Selective memory (Score:2, Insightful)
Doesn't anyone here even remember ECHELON [wikipedia.org]? Stop drinking the Kool Aid.
"interesting and respectful"? (Score:3, Insightful)
Re:Privacy Issues (Score:5, Insightful)
So what? Sorry, I don't mean to be flipant, but gathering my confidential call data and looking for criminal activity in my mind is as much a search as a pat down. The fact that they're not actually listening to me talk sexy with my girlfriend is nice, but it doesn't correct the problem that a the state would be analysing the time and phone number of every call I participate in then they'd be making a determination of whether or not I was probably a criminal. When the government conducts routine searches of our routine daily activities then that, in my mind, is both unreasonable, and, as a result, unconstitutional.
TW
Bullshit (Score:5, Insightful)
Big freaking deal if the numbers are 'encrypted' or not. The problem is not that the NSA knows people's phone numbers - that's why we have phonebooks. The problem is that they have this huge database that lets anyone with access draw all kinds of inferences about people's relationships with each other. The right to freely associate is not free at all if it means that you end up on some big list in a government computer (or anyone else's computer for that matter).
Having your phone number encrypted when it is in the database doesn't help a bit because the encrypted number is just another unique identifier. Its the equivalent of saying that they used social security numbers in place of the phone numbers.
I wish the government had a better sense of humor (Score:3, Insightful)
ThinThread was designed to address two key challenges: The NSA had more information than it could digest, and, increasingly, its targets were in contact with people in the United States whose calls the agency was prohibited from monitoring.
a) they are spying on so many people that they can't even process the data. I've been under that assumption for quite some time, and now its clear. Hey, its a win for us.
b) they are spying on people they can, but the important stuff is "off limits"
Huh?
I'm beginning to think that these people are just like peeping toms or people rubernecking at an accident on the side of the road. They clearly don't even seem to know what the fuck they are doing, it just looks cool, they know they shouldn't do it, but they simply can't help themselves. What a bunch of children.
Now, although the article has not much more info, the article seems to imply that the NSA is going about their surveillance of innocent people, but to get around that pesky 4th amendment*, they are anomalizing (correct word?) the data via some encryption thingy, and if the random stuff looks interesting enough, I guess they have to get a warrant (or not??) to decrypt the data into something real.
Now, at first that sounded OK, but then I thought about it. Isn't the data already anonymous and anomalized (??) by default? I mean, even if they have my name, say George Bush, and phone number, and the name and phone number of the guy I called, say Aleister Crowley. Unless the NSA already knows both of these people, that data is still anonymous. It would take a little more investigation to determine if it was George W. Bush, George H. W. Bush, or just a namesake or the real deal themselves.
So, in other words, get a fucking warrant, and stop wasting my tax money randomly looking at "chatter" of innocent people. The process goes like this. 1) Find out something is wrong 2) Get an idea of who is doing the wrong and develop "probable cause" 3) Get a warrant, and go after the bad guys.
Otherwise, sit on your asses and drink coffee or eat a donut. Don't waste my tax money and be a peeping tom.
Back to that pesky 4th amendment. If you haven't seen it yet, check out the new dipshit that is the new head of the NSA:
http://movies.crooksandliars.com/Countdown-nsa-Ha
Re:Privacy Issues (Score:5, Insightful)
Re:Privacy Issues (Score:5, Insightful)
The problem here is and always has been the potential for abuse.
The FISA court exists for a reason you know. Why? Not because of some theoretical use of wiretaps to infringe on privacy.... because they were activly tapping the phone calls of people like Dr Martin Luther King in every hotel that he visited trying to dig up dirt on him.
This isn't conspiracy theory, its conspiracy fact. It is a matter of congressional record that wiretaps were indeed used to follow innocent people for political reasons.
Besides, sure, today its just intelligence on terrorists. However, once the system to do it is there, the ability to abuse it is there. All it takes is one unscrupulous operator, or a little pressure from a director, or dare I say, a secret presidential memo, to cause the system to be abused to any number of ends.
This is why we need oversight, and we need to hold these people responsible for what they do. If they can wiretap with impunity, then why not wiretap with impunity? If there is no punishment, then there is a lower bar to doing it.
Frankly, I think these programs should be outed, and every signle person involved, all the way up, should be indicted.
That goes for this program (if it was indeed illegal, if not they should fix the law), and the presidents wiretapping program thats been in the news. Intictments and impeachments are what should be going on right now.
-Steve
Re:Okay, have we caught anyone? (Score:3, Insightful)
In that example, get a warrant. (Score:4, Insightful)
That way, when they both implicate "B", you can immediately get a warrant to find out who "B" is talking to.
Also, you might find out that "C" is a "nutjob", too. Then you can get a warrant for his phone.
All very easy and all very legal under existing laws.
Re:Future options (Score:5, Insightful)
On the contrary, the founding documents of this nation were very much a suicide pact.
The Declaration of Independence said it quite explicitly:
And for the Support of this Declaration, with a firm Reliance on the Protection of Divine Providence, we mutually pledge to each other our Lives, our Fortunes, and our sacred Honour.
Or, to put it more succinctly, "Give me Liberty or Give me Death".
Life without liberty is not life worth living, and the founding fathers knew quite well that they would either succeeed or be killed as traitors.
And of course the irony is that the only way we would commit "suicide" (ie, kill OURSELVES, as opposed to being destroyed by external forces) is to destroy the Constitution and Bill of Rights, exactly as we're doing so well right now. No terrorist bomb can accomplish that task, we're doing it all on our own.
Bruce Schneier says it better than I could (Score:5, Insightful)
Do you only have the rights that are explicitly defined in your constitution?
However, people demand security. Often security and privacy conflict with one another and we as a society need to decide where that line needs to be drawn. If we don't want the government to look over our shoulders, then we can't bitch when they didn't see something coming.I think that Bruce Schneier's recent article in Wired [wired.com] is one of the most reasoned and insightful responses to your line of argumentation.
As he states, it is not a debate over security versus privacy - it is liberty versus tyranny.
Re:Privacy Issues (Score:4, Insightful)
Re:Privacy Issues (Score:1, Insightful)
Living in a country in which president has very little power, I think many of the problems in USA's administration come from the fact, that the president has very much power. No one in his adminstration group dares to critisize him if they want to keep their job and status in the party, so they have to bend backwards trying to rationalize the illegal things the president has done.
It's the problem of benevolent dictator. As long as the dictator is truly benevolent, everything is fine, but there is no way to ensure that the dictator won't change.
Re:Future options (Score:2, Insightful)
Re:Privacy Issues (Score:3, Insightful)
Orrrrrrrr... you get a warrant to bust down the known nutjob's door, seize his property, subpoena his phone records and interrogate everyone he's called. Maybe then you'll have the proof needed to arrest his friend the suspected nutjob. And maybe you'll discover that B wasn't really a terrorist, but you've saved him from being blackmailed into blowing himself up. Or hey, maybe B is pizza hut. Terrorists have to eat too.
But in the end, you've removed a known terrorist from the wild, interrupting his plans and ruining his recruiting efforts. You have a trial (and hopefully a conviction) to show that you are actually doing something for the country. You have punishment suitable to discourage other would be terrorists. (life in prison is good. Ruling them insane and putting thim in a straight jacket, face mask and padded room for the rest of their life with daily happy pills would be so much better. Nothing says not-a-martyr like having to have someone else feed you and change your diapers while you drool and grunt.)
Too much 'beautification' in this sentence (Score:3, Insightful)
It should not be 'NSA Chose Invasive Phone Analysis Option'
Its correct saying is 'NSA have violated your privacy'
Red Herring (Score:3, Insightful)
Re:Privacy Issues (Score:2, Insightful)
Red Herring (with formatting; sorry!) (Score:3, Insightful)
Encrypted?
By whom? Not by me, that's for sure.
Who controls the decryption? Again not somebody who answers to me.
Encryption is not a magic incantation that protects secrecy.
Encrypting some data produces some other data, which in itself is useless--you have to reverse the process to get the original data back.
Encryption happens to be a special sort of process can only be reversed under certain conditions (when the correct keys are present).
You don't need a technical understanding of the latest encryption technology to understand this. It's common freaking sense.
Somebody has spied on you. They promise to keep the results of their spying a secret. Therefore, your rights have not been violated.
Seriously--does anybody buy this? Are we that stupid?
Oh, yeah--this message has been encrypted, so it's safe. See?
Rapelcgrq?
Ol jubz? Abg ol zr, gung\'f sbe fher.
Jub pbagebyf gur qrpelcgvba? Ntnva abg fbzrobql jub nafjref gb zr.
Rapelcgvba vf abg n zntvp vapnagngvba gung cebgrpgf frperpl.
Rapelcgvat fbzr qngn cebqhprf fbzr bgure qngn, juvpu va vgfrys vf hfryrff--lbh unir gb erirefr gur cebprff gb trg gur bevtvany qngn onpx.
Rapelcgvba unccraf gb or n fcrpvny fbeg bs cebprff pna bayl or erirefrq haqre pregnva pbaqvgvbaf (jura gur pbeerpg xrlf ner cerfrag).
Lbh qba\'g arrq n grpuavpny haqrefgnaqvat bs gur yngrfg rapelcgvba grpuabybtl gb haqrefgnaq guvf. Vg\'f pbzzba sernxvat frafr.
Fbzrobql unf fcvrq ba lbh. Gurl cebzvfr gb xrrc gur erfhygf bs gurve fclvat n frperg. Gurersber, lbhe evtugf unir abg orra ivbyngrq.
Frevbhfyl--qbrf nalobql ohl guvf? Ner jr gung fghcvq?
Bu, lrnu--guvf zrffntr unf orra rapelcgrq, fb vg\'f fnsr. Frr?
Re:Privacy Issues (Score:4, Insightful)
Obviously at the time of writing, phone lines didn't exist, but it's reasonable to see that as an "effect" belonging to an individual.
The switches that route your call, and record the source/destination/time, do not belong to you; they belong to the phone company. The same could be said about a written letter - the letter and its verbal content are yours, but the information about where the letter came from and where it is going are necessarily shared with the Postal Service, which then possesses that information and can do with it as it pleases.
The Foxes are Deciding What is Legal... (Score:1, Insightful)
think about it.
these guys and gals are so sociopathic and short sighted that they act like no government has ever abused power in the history of the world.
i will guarantee you one thing... someone will come to power in the us and blatantly abuse their power... the question is... what will our system of government do to protect the citizens from this attack?
some think bush is already this person as evidenced by the bumper sticker i saw today... "Frodo failed, Bush has the ring!"
however, as bad as bush might be, there is much worse waiting in the wings. just give it time. by the time this worse person is revealed, he'll have near unlimited power to do anything... and absolute power corrputs absolutely.
Re:Mmm, no not really (Score:2, Insightful)
Also, if you want to get really nitpicky about what is actually written in the US Constitution look at the 9th and 10th Amendments closely.
Amendment IX The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.
Just because it isn't listed, does not mean it does not exist. The Bill of Rights was not meant to be an all inclusive list. In fact, what we are seeing now is an example of one of the arguments against it: that people would treat it as an exhustive list and use it as an excuse to claim that other rights do not exist. For example, even if there isn't an explicit right to privacy doesn't mean we don't have one.
Amendment X
The powers not delegated to the United States by the Constitution, nor prohibited by it to the states, are reserved to the states respectively, or to the people.
This one has been dead for a while. Essentially it says that any power not explicitly given to the Federal Government in the Constitution cannot be wielded by the Federal Government. If you ever get bored spend some time reading the Constitution and try to justify every part of the current Federal Government within it's mandate, I've not been able to do this.
Re:Privacy Issues (Score:4, Insightful)
No Soldier shall, in time of peace be quartered in any house, without the consent of the Owner, nor in time of war, but in a manner to be prescribed by law.
Bear in mind that quartering was not a military necessity but a way of finding and uprooting dissent at it's roots--the common household. They didn't just quarter at random. Suspected sympathizers were often specifically targeted for the simple reason that having a few brutish and nosey soldiers from the government in your house either makes you clean up your affairs or start explaining yourself in front of a judge.
The third amendment was a response to a specific type of attack on privacy by a people which had been traumatized by it. You can bet your powdered wig that if England had tried to read the correspondence of every suspected revolutionary (wire-tapping) or recorded data about every conversation that ever occurred in a public square and the parties involved (phone database), that those too would have been specifically mentioned as well.
Kept in its historical context, the third amendment represents a limit to the imposition of households and the government's ability to intrude upon the private lives of ordinary citizens.
But you know what? What about the Ninth Amendment?
The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.
Any reasonable person can conclude that a right to privacy exists on some level. We shouldn't need a document of finite length, written over 200 years ago to tell us exactly what rights we, by virtue of our humanity, possess. In fact, this ridiculous argument we're having over whether a right to privacy exists or doesn't is the entire reason that the ninth Amendment was devised.
Alexander Hamilton in Federalist 84, said it best (emphasis mine):
"[I] affirm that bills of rights, in the sense and to the extent in which they are contended for, are not only unnecessary in the proposed Constitution, but would even be dangerous. They would contain various exceptions to powers not granted; and, on this very account, would afford a colorable pretext to claim more than were granted. For why declare that things shall not be done which there is no power to do? Why, for instance, should it be said that the liberty of the press shall not be restrained, when no power is given by which restrictions may be imposed? I will not content that such a provision would confer a regulating power; but it is evident that it [an enumerated Bill of Rights] would furnish, to men disposed to usurp, a plausible pretence for claiming that power."
-Grym
Re:We as Americans need to ask hard questions. (Score:3, Insightful)
Unfortunately, it doesn't matter whether or not attacks were thwarted by a warrantless wiretapping program; whether it works or not is not an issue. What is at issue, then?
Think about both of these carefully. It's easy to say "we got intelligence from this program, and that intelligence led to prevention of attacks." Unfortunately, that argument is akin to "we use Word to write our proposals, and our proposals got us $5,000,000 in profit this year." The question is left open "ok, but was that because of Word? Could you have used another tool and gotten the same result?" With wiretapping, that question is "ok, but how do we know that the FISA methodology would not have worked?"
Which comes down to issue #2, which is simply a specific case of "is it worth it?" Assuming we've resolved #1 to say that the warrantless approach is responsible for preventing these attacks (which is unproved): are you willing to give up everyone's freedom from search without due process to prevent these attacks?
People dying sucks: only a sociopath would feel that these people dying is a good thing. But is it better or worse than losing an important freedom? Before you answer, ask a WWII vet if this country's freedoms are worth dying for. Ask yourself if you'd be willing to go to war to protect our freedoms. Think on this, and try to figure out the difference between giving up freedoms to prevent terrorism and giving up freedoms rather than going to war. And remember, a lot fewer people die in terrorist attacks than in wars.
Re:We as Americans need to ask hard questions. (Score:1, Insightful)
- "Had this been in place prior to the attacks, two hijackers... almost certainly would have been identified as who they were, what they were and, most importantly, where they were," Gen. Michael Hayden told his Senate Intelligence Committee confirmation hearing. Currently the headline article on CNN. [cnn.com]
So which is it? Is the current administration stretching the program farther than its predecessors and chipping away at civil liberties, or is it just inept?
Not that I'm biased/bitter or anything.