Please create an account to participate in the Slashdot moderation system


Forgot your password?

More Details of the NSA's Social Network Analysis 367

mrogers writes "USA Today has a story describing how the NSA looks for suspicious calling patterns in the huge volumes of traffic data it collects. "Templates" such as a call from overseas followed by a flurry of domestic calls are used to identify leads, which are forwarded to the FBI for investigation. There have been complaints that low-quality leads are drawing agents away from other cases, and similar pattern-matching approaches have been found wanting in the past. Can data mining identify terrorists?"
This discussion has been archived. No new comments can be posted.

More Details of the NSA's Social Network Analysis

Comments Filter:
  • by Douglas Simmons ( 628988 ) * on Wednesday May 31, 2006 @11:09AM (#15435644) Homepage
    I don't know about terrorists, but calling patterns can effectively be used to identify drug dealers, according to HBO's The Wire []. I imagine polygamists, as illustrated in HBO's Big Love [], would exhibit abnormal calling patterns with their supersized family calling plans.

    And don't tell me That's just television because no, sir, It's not TV, it's HBO.

    • Given Reco, and standard, legal wiretaps and bugging, the Feds still cant touch Mr Soprano! The NSA spying program could revitalize and de-criminalize all of NJ!
    • it's easy to indentify the terrorists -- they'll be the only ones who don't call in to vote on American Idol! (completely sarcastic, never even saw the show)
    • by Billosaur ( 927319 ) * <wgrother@oEINSTE ... minus physicist> on Wednesday May 31, 2006 @11:34AM (#15435888) Journal
      I don't know about terrorists, but calling patterns can effectively be used to identify drug dealers, according to HBO's The Wire. I imagine polygamists, as illustrated in HBO's Big Love, would exhibit abnormal calling patterns with their supersized family calling plans.

      And let's not forget all those out there with girlfriends/boyfriends they don't want their wives/husbands to find out about. That alone could make great extortion material and provide a new way to fund covert operations.

  • Dear NSA... (Score:3, Funny)

    by turnstyle ( 588788 ) on Wednesday May 31, 2006 @11:09AM (#15435647) Homepage
    For more info, see here []...
  • They should formalize this practice and make a palindrome out of the resulting acronym. That way we can be distracted with how cool they are to think of such things instead of worrying about what they're actually doing.

    NSA-ASN - NSA's Analysis of Social Networks.

    *sigh* I'm very honestly starting to get a sick feeling in my stomach over the direction our (my) country is headed. And yet, I feel like there's nothing I can do about it. Vote? Yeah... right.
    • by dhasenan ( 758719 ) on Wednesday May 31, 2006 @11:36AM (#15435905)
      Because in order for your vote to count, it has to agree with a large number of other votes. If we got a libertarian for President--say, Michael Badnarik--then the NSA would have to hide its spying from the President, as well. But for any national candidate to succeed, they need media coverage. For some reason, Ralph Nader, who was only on the ballot in 36 states, got far more coverage than Badnarik, who was on the ballot in (I believe) 49 states. Why? Because Nader couldn't have won, so the media could safely involve him.

      So, your choices for every election are between media coalitions. Which generally means that each of the major US parties supports slightly differing sections of the economy--service sector for the Democrats, production for the Republicans. That's the major difference.

      Now, armed resistance is ridiculous when the government has billions of dollars of military equipment. And other technological countermeasures will likely prove ineffective in a short period of time.
      • by paulbd ( 118132 ) on Wednesday May 31, 2006 @12:01PM (#15436134) Homepage

        you have to be kidding! you're claiming that the media covered Nader because he could not have won, but Badnarik could have won and so they didn't cover him? they didn't cover Badnarik because even if he was on the ballot in 150 states, he still could not have won. i agree - its a poor reason to avoid covering Badnarik and his party's ideas, but lets get serious about the reasons here.

        • I agree with the parent.
          His winning the election (or even being allowed to attend the presidential debates) would have been disruptive to their entrenched interests, so the mass media only presented the two candidates which were known quantities.

          Chip H.
      • by Anonymous Coward
        Now, armed resistance is ridiculous when the government has billions of dollars of military equipment.

        But right now they are all busy and distracted overseas. Quick, now's your chance
      • Now, armed resistance is ridiculous when the government has billions of dollars of military equipment. And other technological countermeasures will likely prove ineffective in a short period of time.

        The American revolutionaries at the time of the War for Independence were severely outgunned, outmanned, outequipped and out-trained compared to their contemporary British counterparts.

        Guess which side one?

  • by SIInudeity ( 822415 ) on Wednesday May 31, 2006 @11:11AM (#15435656)
    From now on, I'm using world of warcraft to plan my activities.
    • by Lumpy ( 12016 )
      Honestly though, why not a simple alternative?

      Terrorists are very well funded if we are to believe the crap that spews forth from our leaders so why dont they take an approach that is different from normal?

      Bin laden can buy all his terrorists a SIP Wifi Phone and use Free World Dialup to keep in touch or simply dial a direct IP. Throw away prepay cellphones are easy to come by, why dont these terrorists buy a "boost mobile" and simply buy only a single airtime card and then throw the whole thing away when d
      • by vought ( 160908 ) on Wednesday May 31, 2006 @12:06PM (#15436170)
        I am betting firmly on the latter.

        I think you're right.

        I have a friend whose dad emigrated from Iraq over fifty years ago. The stateside family regularly calls the Iraqi-born family members who live in Iraq to say hello and catch up on current events - like how many schools have been painted that week or whether the electricity is on this month, or whether the price of gas in Baghdad is higher than in the U.S. honestly, I don't know what they talk about. But they do talk.

        Now, I have beers with my friend once or twice a week. We e-mail and call each other occasionally. I'm only separated by one phone call from his relatives in Iraq.

        You'd better bet my name is in one of these FBI "leads", and it's entirely inappropriate. Maybe they're checking out my surfing habits, too, because there's been a long stall lately whenever I check Slashdot's front page...hope I don't go to your page and involuntarily make you part of the conspiracy.

        At the top of the tree is my friend's family, calling relatives in Iraq. At the bottom, there's me, a critic of this administration. We're all connected by a single phone call from one "suspect" party to a "suspect" place. And yet I have no affiliations with terrorists somehow.

        I guess the guy with the microphone in his I.P.A. is the Feeb. See you at the pub!
        • by gstoddart ( 321705 ) on Wednesday May 31, 2006 @01:02PM (#15436715) Homepage
          At the top of the tree is my friend's family, calling relatives in Iraq. At the bottom, there's me, a critic of this administration. We're all connected by a single phone call from one "suspect" party to a "suspect" place. And yet I have no affiliations with terrorists somehow.

          Ah, but what you fail to realize (begin sarcasm) is that clearly there is a link between terrotists and those critical of this administration (end sarcasm).

          The prevailing attitude seems to be that it's unpatriotic to criticise them, and if you're a foreign person criticizing their actions, then you must be a terrorist. There's no middle ground for many.

          I'm glad my passport has expired, now I have an excuse to tell anyone who wants me to go the US to PFO. I'm tired of the bullshit. I used to hold the US constitution and system of government as an ideal, and one which wouldn't fall prey to this sort of crap. However, I'm being proven wrong on a weekly basis. Now they're just trying very hard to completely undermine all of those elements.

          The terrorists have not only won, but played into the hands of those who have always wanted to do this.
          • I'm guessing PFO stands for "Piss the Fark Off"

            If you're in the UK, the next time you need a passport, you're going to get a biometric thingamajigger, instead of a paper book with your photo, a barcode and some holograms.

            I'd suggest, to anyone in a country which has decided biometric (or RFID) passports are The Next Step (tm), that you renew your passport before they make the switch.
      • by Dausha ( 546002 ) on Wednesday May 31, 2006 @12:41PM (#15436517) Homepage
        "Terrorists are very well funded if we are to believe the crap that spews forth from our leaders so why dont they take an approach that is different from normal?"

        In the mid-90s, I took a course in Introduction to International Terrorism. The professor's master's thesis was on terrorist funding resources in the United States. He told us the story of how his thesis came together and the argument he got into with his advisor.

        He was studying somewhere in the Mid-West, I forget where. Anyway, the thesis ended up as a sort of bet: how active is terrorist funding in the following X Mid-Western cities? In the end, he found that several big-named groups (in the 1980s) were actively receving funds in those cities. He said his research was illuminating as to just how well-funded these groups were based only on activity in the U.S., not to mention other potential sources.

        So, while you may want to discount what the government says about terrorist funding, I say to you that without hearing this from the government I can assure you that terrorists are at least as well-funded as the government would have you believe. Just because the government says it does not make it false.
        • As said in the comment above.. a decade ago. Sympathizers in the USA were well known for supporting the IRA (Provisional Irish Republican Army / Real IRA) in Ireland through the 80's and 90's, and the UK has constantly houded the US to combat this funding.

          After 911 the US adminstration decreed along with the war on Terror - 'funding terrorism is a crime'. While the comment was primarliy aimed at Al-Queda, funding the IRA was (unintentionally?) put in the same category.

          Its probably always been illegal t
  • by nweaver ( 113078 ) on Wednesday May 31, 2006 @11:11AM (#15435662) Homepage
    The problem is, this strategy is not only ineffective, it can be counterproductive.

    There is plenty out there on the "Strength of weak links", where past associations (old roommates, sleeper cells), with not contact can be very strong service links when reinitiated.

    There is also plenty out there on how this is DoSing the FBI.

    And the tin foil hat crowd (a very popular piece of headware these days) will point out that this tool is far more useful for targeting individuals than searching for patterns. And what if you are the target?
    • by noewun ( 591275 ) on Wednesday May 31, 2006 @12:18PM (#15436293) Journal
      Was about to say the same thing. Traffic pattern analysis doesn't work at all for sleeper cells, like the people who carried out the 9/11 attacks. Sleeper cells, by definition, tend to be quiet for long periods of time with only intermittent contact between members and any organizing force. To someone looking at traffic pattern analysis, this will look no different from me talking to my cousin in Atlanta or my uncle in DC, which we do once in a long while. Analysis of the 9/11 hijackers would've shown normal, suburban usage.

      The trend in terrorism lately is decentralization: the guys who carried out the Madrid train bombings were home-grown, were not known terrorists, and were not previoiusly involved in any high level attacks or meetings. They didn't show up on anyone's radar precisely because they didn't fit any profile, nor would they be found with traffic pattern analysis. Add to this the recent news that the AQ higher ups have ceased using satellite or cel phones and you have the basic problem with asymetrical warfare, one which the White House and DoD refuse to learn: you can't fight a guy wearing a suicide vest with satellites and computers, and you can't find a loosely organized, ad hoc group of people by looking for organized cells. The top down model of terrorism is dead, and it seems to be the only thing we're still looking for.

      What we need, and what the White House and DoD are steadfastly refusing to develop, is old-fashioned HUMINT, human intelligence. We need speakers of Arab in all of the various dialects, we need people schooled in Middle Eastern politics, history, religion and socities, and we need to get people with Middle Eastern backgrounds into the intelligence services and up the command chain. One of the reasons the CIA was as efficient as it was in the 60s and 70s was the large number of working agents from countries in which they were working. Gust Avrakotos [] was such an effective agent in Greece and elsewhere because he spoke the native languages and knew the local customs. He wasn't viewing the space by satellite from DC. He was in the mix.

      Here endeth the rant.

  • Beside the point. (Score:5, Insightful)

    by TripMaster Monkey ( 862126 ) * on Wednesday May 31, 2006 @11:12AM (#15435673)

    If this wholesale data mining works, then the government will tout this success as justification for its acts. If it doesn't work, the government will complain that we're not letting them do enough to ensure our safety, and use the failure to justify even more outrageous violations of our privacy.

    Whether it works or not, however, is beside the point. The point is: is it legal? Enough people have maintained that it is not to warrant a serious investigation into the matter.
    • Next question: Do we want it to be legal?
      • From the article: "such as a call from overseas followed by a flurry of domestic calls"

        How to become a suspected terrorist:

        1) Niece in Pakistan...has first son

        2)Niece calls aunt in Dearborn for 5 minutes using neighbor's cell phone

        3)Proud aunt calls all of her friends and extended family in US/Canada

        4)FBI agent from Detroit digs out auntie's file....adds entry

        5) Auntie's Son at U of M attends Arab Heritage meeting in student union...add that to his file

        6)Cross reference Auntie and Son's files and callin

    • The worst thing about it is that I am paying for this shit! When did our goverment get so out of control?
    • by i am kman ( 972584 ) on Wednesday May 31, 2006 @11:59AM (#15436107)
      I don't think the question should be is it legal?

      The question should be is it consistent with America's values? Or is it moral? And I think the answer is a resounding NO!

      The problem when you ask about legality is that you get legal opinions with obscure analysis that circumvents the broader question of whether America SHOULD do this.

      It's alot like the debate surrounding our system of legalized bribery (except we call it lobbying). "Oh, they paid for a plane trip, let's make those illegal." The debates center around the legal technicalities, but largely ignore the larger problem of targeted contributions directly affecting specific votes and the immoral culture of lobbying.
    • "Able Danger" identified Atta and three of the other hijackers pre-9/11. []

      Instead of the government trying to cover up the success of Able Danger, it should be initiating twenty or so Able Danger-like data mining programs.
  • I know that YAhoo has commented on this because they datamine extensively to find surfing habits on their site to better place advertisements. Obviously this is a bit different, but the technology and methodology is similar. I have no problem with computers analyzing calling patterns. There was a distinct pattern of calls that lead up to 911 and other attacks. []
    • by plague3106 ( 71849 ) on Wednesday May 31, 2006 @11:24AM (#15435790)
      This won't work at all.

      They are operating under a logical fallacy. A flurry of calls after an overseas call does not mean the two are related in any way. Perhaps (and more likely than the person being a terrorist) is that the person which received the overseas call and then calls domestically is just relaying family information.

      I know my family operated like this (although completely within the US). All you had to do was tell my grandmother something, and you could rest assured she'd spread the news to the rest of the family for you.
      • When I first read the original post, I thought the same thing: families trying to save a buck by the overseas brother calling his grandma, or a businessman calling the office and the secretary spreading the word. However, this is only an argument about the way the data is interpreted, not about the way the data is collected. If this data mining is a good or bad thing is dependent on other stuff.
    • It is easy to spot "distinct patterns" after you know all the players and can put the pieces together in context. As they say, Hindsight is 20/20.

      I have a sister over-seas. If/when she calls anyone else in the family with news/updates/etc it will generate this pattern of many domestic calls as we have a large extended family who wants to know how she and her family is doing.

      This does not mean we are terrorist, even though we might fit this "pattern" of suspicious calls. I bet calls to 900 numbers are sus
    • There was a distinct pattern of calls that lead up to 911 and other attacks.

      Can you please provide a source [] for that statement?
      • Here's a start... 2 -nsa-template_x.htm []

        Obviously, everyone wants the government to stay out of the public's provate life, but there is a big difference between listening to peoples phone calls and looking for calling patterns. I find the latter to be somewhat acceptable, but it is subject to abuse like everything else. The government is in a tough situation where people demand protection, but want to maintain their civil rights rightfully so. It's a tough t

        • Obviously, everyone wants the government to stay out of the public's provate life, but there is a big difference between listening to peoples phone calls and looking for calling patterns.

          There is a difference in that one is expressly and well-established to be unconstitutional, and the other is merely of dubious constitutionality and prohibited by statute (or, at least, the telcos turning over the information si generally prohibited by statute.)

          OTOH, they are both the same in that they involve the gatherin

  • by scorp1us ( 235526 ) on Wednesday May 31, 2006 @11:13AM (#15435680) Journal
    The monitered person can distribute the calls through multiple phone lines. With cooperation, a group of individuals can pool phones to use and this system won't detect them. What is detectible is how many phone lines are registered to a person.

    However the government has yet to catch up to the real world. I can disitalyl distribute the message through the internet using techniques that would not arouse suspicion, partivularly with al the online gaming of today.

    Roger wilco anyone?

  • Attitude (Score:5, Insightful)

    by symbolic ( 11752 ) on Wednesday May 31, 2006 @11:14AM (#15435692)

    Aside from this being patently illegal, what bothers me is the cavalier attitude behind it, and the fact that it is already being abused to track down people who aren't terrorists, but who are merely doing their job to keep government entities like the NSA under some semblance of control - the journalists. There is no end to the manner in which this kind of information could be abused.
    • But, could they at least do a bit of good with that information and use it to eradicate the spammers?

      Nyah, I'm afraid.
    • Re:Attitude (Score:4, Interesting)

      by whathappenedtomonday ( 581634 ) on Wednesday May 31, 2006 @11:44AM (#15435988) Journal
      Aside from this being patently illegal, what bothers me is the cavalier attitude behind it

      I guess as the US is a democratic country, it's alright to do so. Democracy means, literally, rule by the people. The vast majority of people either doesn't care or doesn't get beyond posting "wtf, criminals!" on /.

      You'd have to shut down TV for a week or only a day - I bet enough people would start to care about this and many other things...

    • Re:Attitude (Score:3, Informative)

      by McBainLives ( 683602 )

      Aside from this being patently illegal...

      Is it, now? There's more to the Constitution than the 4th Amendment- try looking at Art. IV, Section 4 - The Executive and Legislature are obliged to protect the States, and any Judiciary right to review regarding such efforts is limited under the "political question" doctrine.

      what bothers me is the cavalier attitude behind it...

      If you don't like a politician's personality, vote for someone else. If your candidate loses, wait patiently for the next election

  • by JesseL ( 107722 ) on Wednesday May 31, 2006 @11:14AM (#15435694) Homepage Journal
    She's always getting calls from various places and then making a flurry of more local calls. She uses code phrases like "your cousin's baby was born last night and it's a boy", or "Great Aunt Zelda had a stroke but they say she's going to be okay".
  • Raise it to orange (Score:5, Insightful)

    by Trails ( 629752 ) on Wednesday May 31, 2006 @11:15AM (#15435695)
    "Hey Akbar, just calling to let you know Mohamed and Alimah just had a healthy baby boy!"

    "Oh great, I'll let the family over here know!"

    *meanwhile, in the basement of a bunker somewhere*

    "My God! It's nine eleven times ten thousand! Nine million one hundred and ten thousand!"

    • Or how about everybody who is in the importing/exporting business? Or companies that have offices overseas. Although as long as they are "Bush Approved" companies I'm sure they won't have any problems.

    • by IIH ( 33751 ) on Wednesday May 31, 2006 @11:45AM (#15435992)
      Or, a foreign visitor gets a call that a close family member is seriously ill, they make a flurry of phone calls to cancel hotels, ring the airline, book taxies, and then try and get on a plane home. NSA see "foreign call, flurry of calls, trying to get on a plane in a clearly agitated state - panic, panic, red flag!" and "Oh, we're sorry you couldn't get home before your father died, national security, you know."
  • Terrorists? (Score:5, Insightful)

    by RsG ( 809189 ) on Wednesday May 31, 2006 @11:15AM (#15435702)
    Whoever said this was about "terrorists"?

    A country of 300 million people cannot have that many actual terrorists in it, even if you count domestic lunies like Timothy McVeigh and the Unabomber in the category (or more accurately the next generation of bomb making lunies). Monitoring a sizable fraction of that 300m can't possibly be just about finding "terrorists" - for one thing it's a needle in a haystack, and for another the number of other uses/abuses of such a system are too many to count.

    Bet good money that most of the people who are or will be advesely affected by this surveilance have little or no connection with terrorism. Even if there was once some noble intent of protecting people by finding monsters hidden among them, it won't just be used for that. Any time you have a major source of power in polical hands, you can bet on it being abused eventually - and what greater power over a domestic population is there than widespread spying without judicial oversight?
  • by Red Flayer ( 890720 ) on Wednesday May 31, 2006 @11:21AM (#15435756) Journal
    "Can data mining identify terrorists?"

    No. It can identify people who have calling patterns associated with terrorist activity, regardless of whether they are a terrorist or not.

    Note that these calling patterns cannot be used to associate that person with a committed or planned crime in the normal data mining scenario.

    Data mining is unreasonable search.

    Now, I have no problem if they've got evidence of a crime or plan of a crime, and use known information to deduce who might else be involved. That's investigative work.

    Data mining is speculative work, not investigative, so regardless of whether it *can* be used for speculative 'research' into the activity of American citizens, it *shouldn't* be.
  • I wrote an article about spooks and social networks a while back when I used to use Orkut... Many thought it was far fetched... Imagine that... Cached Article []
  • by qwijibo ( 101731 ) on Wednesday May 31, 2006 @11:24AM (#15435786)
    This approach to finding patterns works well in marketing where getting a 1% rate of sales to contacts is a good response rate. The problem with using this approach for anything in the real world is the 99% of the time you're wrong.

    They looked at the history of a few people and found a pattern. Now that the pattern has been disclosed, only historical information is likely to have any merit. If the people controlling the communications know this is a way to be found, after getting a call from a watched country, they'll have the people go somewhere else and send emails or otherwise use a different channel for communication.

    Knowing all of the data points isn't enough if you don't know which ones in different databases (phone, email, etc) are related and why.
  • by beheaderaswp ( 549877 ) * on Wednesday May 31, 2006 @11:25AM (#15435794)
    What ever happened to "Live free or die", "Give me liberty or give me death", or "Those who are willing to sacrifice their basic liberties to assure their security deserve neither."?

    Those quotes are not just platitudes... they are *good ideas*.

    Keep the canned patriotism, give me my rights, and I'll just take my chances.
    • by mrchaotica ( 681592 ) * on Wednesday May 31, 2006 @11:38AM (#15435920)
      Indeed, all this bullshit about "stopping terrorists" or even "supporting the troops" does not represent patriotism, but the quotes you mentioned do. All American citizens ought to be reminded of that.
      • The scary part is sooner or later they will be. When enough rights have been infringed on and our way of life has changed enough, other americans will realize they no longer truely have freedom. At that point they will come to realize what real patriotism is. Its unfortunate that they take thier freedom for granted so much that they have to be reminded what it is in the worst possible way: Losing it.
    • Those worked in a world model where certain rules of honor and civil behavior prevented people from behaving in certain ways.

      If the british had had explosives and a willingness to sneak into those states and blow things up, then they would have been forced into the same surveillance methods we are being forced into.

      The only way to stop it is to eradicate people who do not follow civilized behavior
  • by Anonymous Coward
    The last question in the post is ill posed: can data mining find terrorists -- the answer is yes. Simply set the threshold low: select anyone who has used a phone at any time and you'll likely get most terrorists. The problem is not sensitivity -- the real problem is specificity. If you have no or low specificity then the FBI will be investigating everyone (even those who "have nothing to fear since they have nothing to hide"). Specificity is where the search process interfaces with the Bill of Rights
  • Dismissing the legality and morality of doing this...

    Let's look how most Network Intrusion Detection Systems work today, including the OSS favorite Snort [].

    We start off with a bunch if signatures. These signatures are analyzed against including network traffic. A signature is matched, an alert is sent out (syslog, mysql, whatever) and my little console displays the alert. I analyze, determine it's a "false alert". I try to tune it out, maybe, depending on frequency and annoyance, and continue on to the ne
    • Your logs aren't being appended to at a rate of ten thousand per minute, are they? You don't have three hundred million logfiles to manage, do you? And if you did, you'd expect an actual match quite often--daily, probably.

      Moreover, we have no idea what we're looking for. We could investigate absolutely everything, but that would take more manpower than we can spend on it. (Or rather, if we spent that much manpower, we'd experience a famine soon after.)

      The principle is the same, but the amount of data is eno
  • by Tired and Emotional ( 750842 ) on Wednesday May 31, 2006 @11:31AM (#15435857)
    I mean its obvious.

    A band leader gets a call from a booker in Europe who wants them come play.

    The band leader calls all the band members to line them up for the tour.

    They cancel any local gigs that overlapped.

    Those venues or bands call other bands or subs to fill those spots.

    Result: The NSA gets to be first in line for tickets.
  • False leads? No way! (Score:3, Interesting)

    by Pedrito ( 94783 ) on Wednesday May 31, 2006 @11:31AM (#15435862)
    How could those calling patterns ever cause false leads? Surely terrorists operate like clocks and do everything by the numbers.

    Okay, here's an example of how stupid the example given is (and it's not the example that's stupid, it's the intelligence community): I'm an American I have good friends, or maybe family living overseas. Let's say my brother lives in Germany and he just called me to tell me that his wife had a baby boy. So, what am I going to do? Call everyone in my family and anyone that knows my brother well and say, "Guess what, they had a baby boy."

    The fact is that, with calls between friends and family overseas in particular, the calls are not infrequently going to be some sort of major or semi-major news that the person in the States is then going to want to share with other friends and family. If the FBI is getting hit with all this garbage, I'm surprised they find time to do anything else.

    I'm not saying this stuff can't be used to find terrorists, but at what expense? I would imagine there are much more effective ways to spend the money.

    To bring the example a little closer to home, back in the early 90s when export restrictions on encryption were quite a bit tighter than they are now, I was asked by an uncle of mine (who's a venture capitalist) to do a little research into encryption. He had been approached by a group that had come up with some new encryption algorithm and he wanted me to get some sort of feel for how theirs stacked up.

    So, I go onto Usenet and start asking some questions, trying to educate myself on this stuff. A few weeks later, I'm talking to one of my neighbors and she says, "So, did you get that job at the White House?" I said, "What job at the White House?" She said, "Well, there were some agents from the State Department here asking questions about you and they said it was for a job at the White House."

    Now, I'm no rocket scientist, but I can do the math. Ask about encryption, agents show up. I suspect the two were related. I'm sure they were probably NSA agents since encryption is really more of their deal, or maybe State Dept. agents tasked by the NSA. But whatever.

    Had they even looked at my file, which I'm sure they had since I had a full background check for a security clearance a few years prior, they would have quickly discovered that I'm someone of little consequence and not a likely spy. But no, they had to send out a couple agents to investigate me asking questions that anyone from anywhere around the world could have posted on Usenet. What a complete waste of time and money. And it's not like you couldn't just download regulated encryption algorithms off the net at the time anyway.

    But I digress. Spending money to protect us is fine, if it's spent wisely. This is costing time of valuable people and untold amounts fo money for what is sure to be barely usable information. But hey, that should come as no shock to anyone.
  • such as a call from overseas followed by a flurry of domestic calls are used to identify leads

    ...for example, a relative from overseas calls to say that Uncle Buck died in his sleep last night. Or when your daughter who's living abroad calls to say that she's fallen in love and is getting married. What do you do after receiving such a call? You call all the members of your family. There are 2 trivial scenarios that break the system.

  • Is it a sign that this technique is grasping at straws that I can think of one instance where this calling pattern would pop up that is totally legitimate in the first ten seconds of thinking about it?

    The overseas shipping industry.
  • So how many times has this happened. One call to aunt Martha, who then spreads the workd and then gets a visit from the FBI or agents of HS.
  • by HangingChad ( 677530 ) on Wednesday May 31, 2006 @11:35AM (#15435894) Homepage
    Cheney accuses those he disagrees with of hoping our oceans defend us against terrorism, yet this bungling administration picks technologies that are both invasive to the innocent and ineffective in locating the guilty. We're spending billions on efforts that, at best, won't work and at worst will draw resources away from things that will be effective.

    There was a local news story about a terrorism suspect who was picked up locally because of a tip from a flight school. Not from monitoring his phone calls, not by fingerprinting him when he came into the country, not by spy plane, satellite or any other whiz bang technology. Just a clerk at a airport counter in the middle of bf nowhere. And that's the sensor net that offers the best hope we have of combating terrorism. The clerk at the store, the landlord they rent from, the agent at the ticket counter, the hotel clerk, rental car company, bell hops, and neighbors. It's not depending on the government to keep us safe because they can't. Government is too big and too slow to respond to a ever changing threat landscape. Had we not spent the last five years alienating the muslim and mid-eastern communities in this country and abusing the few Arab allies we have in the mid-east, we might have been able to develop a community network that would have been effective and inexpensive (in relative terms).

    No one seriously believes oceans can defend us, just like no one can seriously believe all the invasive technology being loosed on the people paying the bills is going to be any more effective.

    It's all really quite insane.

  • The real question is how many crooks are going to get off the hook because of this? Obtaining phone records without a warrant and then passing them to the FBI is going to get more than a few convictions vacated.
  • Pipe Dreams (Score:5, Insightful)

    by Khammurabi ( 962376 ) on Wednesday May 31, 2006 @11:40AM (#15435943)
    Can data mining identify terrorists?
    Not really. Computers are good at recognizing patterns only when there is a large repository of data to "train" the computer with. For example, neural networks [] are often better at recognizing patterns than if a person were to program a set of rules into a system. Man-made rules are often incomplete or lack the depth that a computer can bring to the table. A good example of this is Google Translate [], which is considered one of the better translation programs and is essentially an advanced neural net that was fed a huge wad of data to train from.

    America's data set on terrorism is in the single digits, and the data they do have is only partially complete. This means the only system that can be programmed is a set of user-created rules that "flag" questionable behavior. The solution is a poor one and will only improve our chances at detection by a fraction of a percent. (Seems a huge price to pay for privacy trampling to me.)

    In order to detect terrorism on American soil effectively, we'd need a larger data set. Otherwise we're just attempting to reverse engineer a process that essentially defines itself as dynamic enough to avoid detection. We'd need a frequent source of terrorism that we could derive models and nets off of. The immediate source that comes to mind is Iraq. If I were in charge of the NSA program, I think the best course of action would be to harness the call-traffic (satellite and domestic), email activity and other "data" that precedes suicide bombers (or other known acts of terrorism) in Iraq. Using this data you could train a system to recognize similarities in America. Short of that, anything the NSA is trying is a crap shoot.

    No. Freeing up lines of communication, preparing quick and actionable responses to warnings, and better general population awareness are probably more effective than grabbing a billion pieces of data and sifting through it for answers. It's impossible for a human to know what to look for, and until the NSA comes clean in what it's actualy doing, there's no justification for stomping out the few freedoms we still have. There are better alternatives out there that can be done with the help of the community and still preserve the integrity of our privacy.
  • This is about the US government spying on what it perceives as its biggest threat, its own citizens. The only terrorists they're going to catch with this are the mouth breathers and wannabees, like Moussawi. I can think of several far more secure ways to communicate than the freaking telephone. For one, drop your encrypted/stegged message into some high volume Usenet group in the alt.erotica.* hierarchy for your contact to surf by and pick up.

    Pity the poor sod gets the call from his cousin Seamus in Be

  • Don't politicians make lots of phone calls, some of which would be international calls? I knew it! Damn terrorists.
  • Templates" such as a call from overseas followed by a flurry of domestic calls are used to identify leads, which are forwarded to the FBI for investigation.

    Hmmm. So your father/son/sister/mother/brother/cousin/etc had some dramatic event happen overseas. Perhaps he was injured, or mugged, or perhaps everyone was just worried about him and he called to let you know he was safe.

    One phone-call to the homeland, a bunch of calls among relatives and friends to pass the information along.

    Sounds like it fits
  • "Templates" such as a call from overseas followed by a flurry of domestic calls are used to identify leads, which are forwarded to the FBI for investigation.

    So recently my uncle died. He lived in Thailand. My mom (his sister) received a call from overseas, then obviously called every relative here in the U.S. We even called travel agents and airlines trying to arrange last minute travel. So by the FBI's reasoning, we should be investigated for this "suspicious" activity. There are so many more legitimate re
  • Armed with details of billions of telephone calls, the National Security Agency used phone records linked to the Sept. 11, 2001 attacks to create a template of how phone activity among terrorists looks, say current and former intelligence officials who were briefed about the program. (from the USA Today article)

    Are they admitting to collecting details on domestic phone calls _before_ 9/11?
  • Simple answer (Score:4, Insightful)

    by radtea ( 464814 ) on Wednesday May 31, 2006 @11:52AM (#15436048)
    Can data mining identify terrorists?


    But it can identify people with large extended families who have relatives overseas and get an important call about a death in the family, notify all their North American relatives, and then have government agents show up on their door.

    Every single pattern-based terrorist screening method I have heard about sounds like something dreamed up in an air-conditioned office by some dork who never gets out very much and thinks all people are basically like him (and anyone who isn't ought to be subject to government investigation.)

    Hanging around public buildings taking pictures? Must be a terrorist. As opposed to say, just interested in taking pictures of public buildings because modern-day monumental architecture happens to turn you on.

    Want to learn to fly a 747 but don't have any interest in a career as a pilot? Must be a terrorist. Unless you happen to be fascinated by aircraft and think that a few weeks of flight school would give you bragging rights to die for at your local RC club.

    Like to pay with cash, even for purchases in the thousands like furniture or maybe a car? Must be a terrorist. Or maybe you don't qualify for a chequing account, or are just a little bit paranoid, or just don't fucking feel like doing anything else.

    These sorts of unvalidated, non-empirical, "feels like the right thing to me", ad hoc, imaginary "patterns of suspicious activity" are a major threat to freedom because they demonize and may even criminalize deviancy from the norm. It is a characteristic of unfree societies that deviancy from the norm is not just looked at asscance by the majority of the population, but is viewed as grounds for suspicion of the most heinious acts.

    Furthermore, such datamining solutions are not able to identify terrorists reliably even when they have all kinds of intelligence data entered into them. A report on the chilling-named MATRIX [] system indicates that the system was only able to identify 5 of the original 9/11 hijackers in a retrospective test, a 75% false negative rate, and it further identifed 120,000 other Americans who had a "high terrorism factor." Supposedly "scores of arrests" resulted from that list, although no one knows what the arrests were for or how many of those were sucessfully prosecuted. The odds are most of them were for drug possession charges that were laid as a result of the increased scrutiny certain individuals got by virtue of wholey baseless suspicions of terrorism. But let us grant 60 successful prosecutions for terrorist-related activities. That's a false positive rate of over 99.9%

    And that was when the system was loaded with specific intelligence data, which is no longer the case.

    Given the complete failure of such systems to detect terrorists in retrospective studies, and the horrifically high false positive rate, and the chilling effect such programs have on the freedom to be different, it is very hard to believe that their real purpose is to spy on Americans and impose a high degree of conformity on American society.

  • Templates" such as a call from overseas followed by a flurry of domestic calls are used to identify leads,

    As in:

    (Call from somewhere in Europe): Hi Mom, great news, it's a baby boy!

    (Multiple calls to relatives in US): Hey [mother/sister/brother/uncle/aunt], Jeff and Jane have just had a baby boy!

    (Next day): FBI! We have the place surrounded! Come out with your hands up!



  • Just as generals are always fighting the last war, the police are always solving the last crime. Terrorists are crazy but not stupid. High-tech methods are much less valuable than old-fashioned boots-on-the-ground mole-in-their- midst human intelligence.
  • Pick any one person, follow their social network out to six degrees of seperation, and you'll have terrorists. Lock all of them up. Problem solved.
  • As much as I usually support civil liberties for individuals against government intrusion, I am now asking myself: why did this story have to be published?

    After all we already paid a heavy price: all our phonecalls now end up in the NSA's database with the ostensible reason of tracking down potential terrorists. The one and only return would have been to enable the NSA to conduct traffic analysis on this data in order to form a dragnet with which to narrow down suspicion from hundreds of millions of subsc

  • As many have already pointed out trying to find unknown actors via data mining is not going to work very well.

    If we assume that the people at the NSA and other spy agencies are smart enough to know this too, then one has to ask what are they really trying to do.

    The answer is that monitoring known actors (such as political dissidents) who are members of known groups works well with these techniques.

    Here's my little essay on the subject (with some historical examples thrown in): []

  • Keep in mind... (Score:4, Interesting)

    by jjohnson ( 62583 ) on Wednesday May 31, 2006 @12:02PM (#15436140) Homepage
    Not that I'm at all happy about the monitoring, but in fairness, would the NSA/FBI report massive success with the data mining? Doing so would inform terrorists (drug dealers, lesbians, Democrats) that the simple pattern of their phone calls can identify them, forcing them to change their methods of communications, undermining the success of the program. It might be sufficient for them to publicly leak stories that the program isn't working while reporting to the government that it's actually quite successful. It certainly wouldn't be the first time disinformation has been used.

    An interesting aside: as reported by Bruce Schneier, al Qaeda members avoid Echelon by using shared Hotmail accounts. Rather than sending email, they create drafts and save them, and have a running conversation in the draft before deleting it. Not sending the email means the email doesn't trigger midpoint monitoring. Would they be doing that if they didn't know about Echelon?
  • Surely real terrorists aren't using telephones to plan their activities? I know if I was a terrorist I wouldn't. I'd be making an "X" on my window with duct tape, or carrying a newspaper rolled up under my left arm (but not my RIGHT arm - that means I was followed), or touching my nose with my forefinger.

    I have a feeling that we're only going to catch the really stupid terrorists this way - and they are probably the ones who don't do much damage to anyone but themselves. "Hey, Mohammed! Osama just called an
  • by Doc Ruby ( 173196 ) on Wednesday May 31, 2006 @12:04PM (#15436157) Homepage Journal
    "forwarded to the FBI for investigation"

    That dodge is how Bush can appear on TV saying "this NSA program doesn't listen to your calls", because they forward your calls to another program, at the FBI (and probably elsewhere). Feel safer?
  • and, while it can potentially be useful *if properly implemented* , it has been found to be of questionable use as well, in many cases because "profiling" is done with unsound methodology (i.e. people are associating the wrong sets of identifiers/characteristics with what they are trying to find: o ntroversies [] .

    Please note I am *not* trying to defend the idea of spying on Americans with what is most certainly data-mining. I'm just pointing out it looks like
  • Hey we have all this data! We can use it to accurately predict future behavior of a large group of autonomous, independent human beings!

    *BZZT* Wrong. This is the danger of falling into the social science trap, where you think that because 1 group of individuals has acted a certain way in the past, that another (however similar) group of individuals will act the same way in the future.
  • by Roblimo ( 357 ) on Wednesday May 31, 2006 @12:22PM (#15436334) Homepage Journal
    A not-unlikely scenario:

    1) A Pakistani developer starts an interesting FOSS project.

    2) I test a copy and like it. He then calls me or I call him for a phone interview.

    3) My next step is to call a bunch of sources in the U.S. and elsewhere, ask what they think of the software.

    So with no family or friends in Pakistan, I am suddenly a potential terrorist threat by NSA standards. Uh huh.

    It doesn't need to be a story about software, either. One about anti-terrorism activities could generate a similar call pattern.

    On the other hand, I suppose that by current U.S. government standards, any journalist who makes a lot of calls to verify a story, instead of being a Good Little Boy and sticking to "official sources," is nearly as dangerous as a terrorist, anyway.

  • by advocate_one ( 662832 ) on Wednesday May 31, 2006 @12:37PM (#15436470)
    they would really, really have to work hard to establish links between postings in high traffic usenet groups and the people reading them... an awfull lot of info can be put into a subject line without making it too obvious and the recipient merely has to download the headers, doesn't actually have to access the body at all... so there's absolutely no way to ascertain who, out of the thousands of people using that group, is actually receiving commands.

    Similarly with blog comments... a lot of it looks like spam, but it could be disguised commands, and it can be seen by people using search engines so there's a disconnect (cutout) between the poster and the recipient. All the reader would have to do would be to search on an innocent phrase agreed between the poster and the recipient and then view the cache of the page that matches that content...

    they could be using Slashdot right now to coordinate the next big one...

  • by Behemoth ( 4137 ) on Wednesday May 31, 2006 @02:11PM (#15437440) Homepage
    Bruce Schneier wrote an interesting piece on why data-mining not only doesn't work, but can't work in the context of finding terrorist plots:,70357-0.html?t w=wn_story []

    In a nutshell, his premise is that the underlying assumptions that make data mining work for such things as credit card fraud don't hold when searching for terrorist plots. Also, that trying to apply those models will result in a flurry of false negatives so large as to make the whole effort useless and a waste of resources which could otherwise be better spent. It's hard to argue with...

There's no such thing as a free lunch. -- Milton Friendman