Sunday, June 04, 2006

Persons, Houses, Papers and Effects

Once Again It's Legal Because Bush Says It Is

Reaching into homes and businesses across the nation, amassing information about the calls of ordinary Americans — most of whom aren't suspected of any crime. The NSA program does not involve the NSA listening to or recording conversations. The spy agency claims to be using the data to analyze calling patterns in an effort to detect terrorist activity.

"It's the largest database ever assembled in the world," said one person, who, like the others who agreed to talk about the NSA's activities, declined to be identified by name or affiliation. The agency's goal is "to create a database of every call ever made" within the nation's borders, this person added.

Last year, Bush authorized the NSA to eavesdrop — without warrants — on international calls and international e-mails of people suspected of having links to terrorists when one party to the communication is in the USA. Nor have warrants been used in the NSA's efforts to create a national call database.

According to the President the NSA is focused exclusively on international calls. "In other words," Bush explained, "one end of the communication must be outside the United States." Domestic call records — those of calls that originate and terminate within U.S. borders — were by implication private.

The implication is not the case. Through records of billions of domestic calls, the NSA has a window into the habits of millions of Americans. Names and other personal information are, supposedly, not being handed over , but the records can be cross-referenced with other databases to obtain that information.

"There is no domestic surveillance without court approval," said Dana Perino, White House deputy press secretary, referring to actual eavesdropping.

She added that all national intelligence activities undertaken by the federal government "are lawful, necessary and required for the pursuit of al-Qaeda and affiliated terrorists." All government-sponsored intelligence activities "are carefully reviewed and monitored," Perino said. She also noted that "all appropriate members of Congress have been briefed on the intelligence efforts of the United States."

Unfortunately, the reviewing and monitoring are being done by the same people who are collecting and using the information. You have to judge how likely it is that they'll find their own actions unlawful.

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Do you think the Fourth Amendment ranks very high on their agenda?

Maybe, since they're not seeking warrants, or swearing any oaths, nor particularly describing places to be searched or persons and things to be siezed, they think they're complying with the Constitution, in the breach and by omission, collecting "external" data on domestic phone calls but not intercepting "internals," the actual content of the communication. Data collection from phone companies is not uncommon; it's been done before. The data are used for "social network analysis," to study how terrorist networks contact each other and how they are tied together.

Do you think they need billions of records, of millions of citizens to analyze those networks?

Are we all suspect, until proven loyal to the President?

And can someone tell me why there are three hundred and twenty-five thousand names on the terrorist watch list?

Or why it includes U.S. Senators, infants and senior citizens not charged, chargeable or even suspected of any crime at all?

The only hole in the NSA's database may be Qwest's refusal to participate. Qwest provides local phone service to 14 million customers in 14 states in the West and Northwest. But AT&T and Verizon also provide some services — primarily long-distance and wireless — to people who live in Qwest's region. Therefore, they can provide the NSA with at least some access in that area.

The NSA is charged with protecting the United States from foreign security threats. Once the agency was so secret the government refused to even confirm its existence. Insiders joked that NSA stood for "No Such Agency."

In 1975 congressional investigation revealed that the NSA had been intercepting, without warrants, international communications for more than 20 years at the behest of the CIA and other agencies. The spy campaign, code-named "Shamrock," led to the Foreign Intelligence Surveillance Act (FISA), which was designed to protect Americans from illegal eavesdropping.

Enacted in 1978, FISA lays out procedures that the U.S. government must follow to conduct electronic surveillance and physical searches of people believed to be engaged in espionage or international terrorism against the United States. A special court, which has 11 members, is responsible for adjudicating requests under FISA.

Code-breaking has continued to improve in parallel with technology. Today the agency is expert in the practice of "data mining" — sifting through reams of information in search of patterns — one of many tools analysts and mathematicians use to crack codes and track communications.

Paul Butler, a former U.S. prosecutor who specialized in terrorism crimes, said FISA approval generally isn't necessary for government data-mining operations. "FISA does not prohibit the government from doing data mining," said Butler, now a partner with the law firm Akin Gump Strauss Hauer & Feld in Washington, D.C.

The caveat, he said, is that "personal identifiers" — such as names, Social Security numbers and street addresses — can't be included as part of the search. "That requires an additional level of probable cause," he said.

The usefulness of the domestic phone-call database as a counterterrorism tool is unclear. Also unclear is whether the database has been used for other purposes.

They probably, lawfully, had the information needed on September 10, 2006 to thwart the attack on September 11th . What they didn't have were enough arabic, pashto, and farsi speaking analysts. Despite all warnings, despite previous attacks, they didn't take a band of fanatics seriously.

And still don't. We're so busy worrying about governments that the Taliban is resurgent in Afghanistan and insurgents have free reign from Iraq to Pakistan, from Madrid ,to Mogadishu, to the London subway system.

Local and regional phone companies have, in the past, required law enforcement agencies to present a court order before they would consider turning over a customer's calling data. That was innate in the personality of the old Bell Telephone System, out of which those companies grew.

NEW YORK -- Former National Security Agency director Bobby Ray Inman lashed out at the Bush administration Monday night over its continued use of warrantless domestic wiretaps, making him one of the highest-ranking former intelligence officials to criticize the program in public, analysts say.

"This activity is not authorized," Inman said, as part of a panel discussion on eavesdropping that was sponsored by The New York Public Library. The Bush administration "need(s) to get away from the idea that they can continue doing it."

Since the NSA eavesdropping program was unveiled in December, Inman -- like other senior members of the intelligence community -- has been measured in the public statements he's made about the agency he headed under President Jimmy Carter. He maintained that his former colleagues "only act in accordance with law." When asked whether the president had the legal authority to order the surveillance, Inman replied in December, "Someone else would have to give you the good answer."

But sitting in a brightly lit basement auditorium at the library next to James Risen, the New York Times reporter who broke the surveillance story, Inman's tone changed. He called on the president to "walk into the modern world" and change the law governing the wiretaps -- or abandon the program altogether.

"The program has drawn a lot of criticism, but thus far former military and intelligence officials have not spoken up. To have Adm. Inman -- the former head of the NSA -- (come) forward with this critique is significant," said Patrick Radden Keefe, author of Chatter: Dispatches From the Secret World of Global Eavesdropping, who sat on the panel with Inman and Risen. "Because of the secrecy surrounding this type of activity, much of the criticism has come from outsiders who don't have a firm grasp of the mechanics and the utility of electronic intelligence. Inman knows whereof he speaks."

In 1978, Inman helped spearhead the effort to pass the Foreign Intelligence Surveillance Act, or FISA, which makes it illegal to eavesdrop on American citizens without court approval. Inman said he wouldn't have a problem sidestepping that law -- as a "limited response to an emergency situation," like the terror attacks of Sept. 11, 2001. But nearly five years since those strikes, the NSA is continuing to track phone calls and e-mails without warrants.

Inman didn't contest the Bush administration's claim that the FISA courts can't keep up with the NSA's new breed of surveillance. "My problem is not going to Congress to revise the statute to deal with the problems I didn't think of in '78," Inman said. "We can do what the country needs and work within the law."

The bedrock principle — protection of the customer — guided the company for decades. Gene Kimmelman, senior public policy director of Consumers Union said, "No court order, no customer information — period. That's how it was for decades."

Concern was based on law: Under Section 222 of the Communications Act, first passed in 1934, telephone companies are prohibited from giving out information regarding their customers' calling habits: whom a person calls, how often and what routes those calls take to reach their final destination. Inbound calls, as well as wireless calls, also are covered.

The financial penalties for violating Section 222 can be stiff. The Federal Communications Commission, the nation's top telecommunications regulatory agency, can levy fines of up to $130,000 per day per violation, with a cap of $1.325 million per violation. The FCC has no hard definition of "violation." In practice, that means a single "violation" could cover one customer or 1 million.

NSA representatives approached the nation's biggest telecommunications companies soon after the Sept. 11 attacks. The agency made an urgent pitch: National security is at risk, and we need your help to protect the country from attacks.They were told that it wanted their "call-detail records," a complete listing of the calling histories of their millions of customers. Plus, the NSA wanted the carriers to provide updates, which would enable the agency to keep tabs on the nation's calling habits.

Joe Nacchio, Qwest's CEO at the time, was extremely troubled by the NSA's claim that Qwest didn't need a court's order or approval — under FISA. Qwest was unsure about who would access its customers' information and how their information might be used.

Financial consequences were also a concern. Illegally divulging calling information can be subject to heavy fines. The NSA was asking Qwest to turn over millions of records. The fines could be enormous.

Other government agencies, including the FBI, CIA and DEA, might also have access to the data. The NSA regularly shares information — known as "product" in intelligence circles — with other intelligence groups. Qwest's lawyers were worried by the extent of the NSA request.

To pressure Qwest, NSA representatives told Qwest that it was the lone holdout among the major telecommunications companies. It tried appealing to Qwest's patriotic side: In one meeting, an NSA representative suggested that Qwest's refusal to contribute to the database could compromise national security, then suggested that Qwest's foot-dragging could affect its ability to get future classified work with the government. Qwest had classified contracts and hoped to get more.

Qwest's lawyers asked NSA to take its proposal to the FISA court. The agency refused. "They told (Qwest) they didn't want to do that because FISA might not agree with them," one person recalled. For similar reasons, this person said, NSA rejected Qwest's suggestion of getting a letter of authorization from the U.S. attorney general's office. A second person confirmed this version of events.”

The NSA record collection program

Excerpts From: Why Data Mining Won't Stop Terror

By Bruce Schneier
Wired News
March 9, 2005

…Many believe data mining is the crystal ball that will enable us to uncover future terrorist plots. But even in the most wildly optimistic projections, data mining isn't tenable for that purpose. We're not trading privacy for security; we're giving up privacy and getting no security in return.

Most people first learned about data mining in November 2002, when news broke about a massive government data mining program called Total Information Awareness. The basic idea was as audacious as it was repellent: suck up as much data as possible about everyone, sift through it with massive computers, and investigate patterns that might indicate terrorist plots.

Americans across the political spectrum denounced the program, and in September 2003, Congress eliminated its funding and closed its offices.

But TIA didn't die. According to The National Journal, it just changed its name and moved inside the Defense Department.

This shouldn't be a surprise. In May 2004, the General Accounting Office published a report (.pdf) listing 122 different federal government data-mining programs that used people's personal information. This list didn't include classified programs, like the NSA's eavesdropping effort or state-run programs like MATRIX.

The promise of data mining is compelling, and convinces many. But it's wrong. We're not going to find terrorist plots through systems like this, and we're going to waste valuable resources chasing down false alarms. To understand why, we have to look at the economics of the system.

Security is always a trade-off, and for a system to be worthwhile, the advantages have to be greater than the disadvantages. A national security data-mining program is going to find some percentage of real attacks and some percentage of false alarms. If the benefits of finding and stopping those attacks outweigh the cost -- in money, liberties, etc. -- then the system is a good one. If not, you'd be better off spending that capital elsewhere.

Data mining works best when you're searching for a well-defined profile, a reasonable number of attacks per year and a low cost of false alarms. Credit-card fraud is one of data mining's success stories: all credit-card companies mine their transaction databases for data for spending patterns that indicate a stolen card.

Many credit-card thieves share a pattern -- purchase expensive luxury goods, purchase things that can be easily fenced, etc. -- and data mining systems can minimize the losses in many cases by shutting down the card. In addition, the cost of false alarms is only a phone call to the cardholder asking him to verify a couple of purchases. The cardholders don't even resent these phone calls -- as long as they're infrequent -- so the cost is just a few minutes of operator time.

Terrorist plots are different. There is no well-defined profile and attacks are very rare. Taken together, these facts mean that data-mining systems won't uncover any terrorist plots until they are very accurate, and that even very accurate systems will be so flooded with false alarms that they will be useless.

All data-mining systems fail in two different ways: false positives and false negatives. A false positive is when the system identifies a terrorist plot that really isn't one. A false negative is when the system misses an actual terrorist plot. Depending on how you "tune" your detection algorithms, you can err on one side or the other: you can increase the number of false positives to ensure you are less likely to miss an actual terrorist plot, or you can reduce the number of false positives at the expense of missing terrorist plots.

To reduce both those numbers, you need a well-defined profile. And that's a problem when it comes to terrorism. In hindsight, it was really easy to connect the 9/11 dots and point to the warning signs, but it's much harder before the fact. Certainly, many terrorist plots share common warning signs, but each is unique, as well. The better you can define what you're looking for, the better your results will be. Data mining for terrorist plots will be sloppy, and it'll be hard to find anything useful.

Data mining is like searching for a needle in a haystack. There are 900 million credit cards in circulation in the United States. According to the FTC September 2003 Identity Theft Survey Report, about 1 percent (10 million) cards are stolen and fraudulently used each year.

When it comes to terrorism, however, trillions of connections exist between people and events -- things that the data-mining system will have to "look at" -- and very few plots. This rarity makes even accurate identification systems useless.

Let's look at some numbers. We'll be optimistic -- we'll assume the system has a one in 100 false-positive rate (99 percent accurate), and a one in 1,000 false-negative rate (99.9 percent accurate). Assume 1 trillion possible indicators to sift through: that's about 10 events -- e-mails, phone calls, purchases, web destinations, whatever -- per person in the United States per day. Also assume that 10 of them are actually terrorists plotting.

This unrealistically accurate system will generate 1 billion false alarms for every real terrorist plot it uncovers. Every day of every year, the police will have to investigate 27 million potential plots in order to find the one real terrorist plot per month. Raise that false-positive accuracy to an absurd 99.9999 percent and you're still chasing 2,750 false alarms per day -- but that will inevitably raise your false negatives, and you're going to miss some of those 10 real plots.

… In statistics, it's called the "base rate fallacy," and it applies in other domains as well. For example, even highly accurate medical tests are useless as diagnostic tools if the incidence of the disease is rare in the general population. Terrorist attacks are also rare, any "test" is going to result in an endless stream of false alarms.

This is exactly the sort of thing we saw with the NSA's eavesdropping program: the New York Times reported that the computers spat out thousands of tips per month. Every one of them turned out to be a false alarm.

And the cost was enormous -- not just for the FBI agents running around chasing dead-end leads instead of doing things that might actually make us safer, but also the cost in civil liberties.…

Data mining can work. It helps Visa keep the costs of fraud down, just as it helps Amazon alert me to books I might want to buy and Google show me advertising I'm more likely to be interested in. But these are all instances where the cost of false positives is low (a phone call from a Visa operator or an uninteresting ad) in systems that have value even if there is a high number of false negatives.

Finding terrorism plots is not a problem that lends itself to data mining. It's a needle-in-a-haystack problem, and throwing more hay on the pile doesn't make that problem any easier. We'd be far better off putting people in charge of investigating potential plots and letting them direct the computers, instead of putting the computers in charge and letting them decide who should be investigated.

The Total Information Awareness Project Lives On

Technology behind the Pentagon's controversial data-mining project has been acquired by NSA, and is probably in use.

By Mark Williams

In April, the Electronic Frontier Foundation (EFF), the advocacy organization for citizens' digital rights, filed evidence to support its class-action lawsuit alleging that telecom giant AT&T gave the National Security Agency (NSA), the ultra-secret U.S. agency that's the world's largest espionage organization, unfettered access to Americans' telephone and Internet communications. The lawsuit is one more episode in the public controversy that erupted in December 2005, when the New York Times revealed that, following September 11, President Bush authorized a far-reaching NSA surveillance program that included warrantless electronic eavesdropping on telephone calls and e-mails of individuals within the United States.

Critics charged that the Bush administration had violated both the Constitution's Fourth Amendment, which protects citizens against unwarranted search or seizure, and the Foreign Intelligence Surveillance Act (FISA) of 1978, which requires eavesdropping warrants to be obtained from a special court of judges empowered for that purpose.

In February 2006, the controversy intensified. Reports emerged that component technologies of the supposedly defunct Total Information Awareness (TIA) project -- established in 2002 by the Pentagon's Defense Advanced Research Projects Agency (DARPA) to develop advanced information technology to counter terrorists, then terminated by Congress in 2003 because of widespread criticism that it would create "Orwellian" mass surveillance -- had been acquired by the NSA.

Washington's lawmakers ostensibly killed the TIA project in Section 8131 of the Department of Defense Appropriations Act for fiscal 2004. But legislators wrote a classified annex to that document which preserved funding for TIA's component technologies, if they were transferred to other government agencies, say sources who have seen the document, according to reports first published in The National Journal. Congress did stipulate that those technologies should only be used for military or foreign intelligence purposes against non-U.S. citizens. Still, while those component projects' names were changed, their funding remained intact, sometimes under the same contracts.

Thus, two principal components of the overall TIA project have migrated to the Advanced Research and Development Activity (ARDA), which is housed somewhere among the 60-odd buildings of "Crypto City," as NSA headquarters in Fort Meade, MD, is nicknamed. One of the TIA components that ARDA acquired, the Information Awareness Prototype System, was the core architecture that would have integrated all the information extraction, analysis, and dissemination tools developed under TIA. According to The National Journal, it was renamed "Basketball." The other, Genoa II, used information technologies to help analysts and decision makers anticipate and pre-empt terrorist attacks. It was renamed "Topsail."

Has the NSA been employing those TIA technologies in its surveillance within the United States? And what exactly is the agency doing, anyway?

The hearings that the Senate Judiciary Committee convened in February to consider the NSA's surveillance gave some clues. Attorney General Alberto Gonzales, maintaining the administration's defense against charges that it violated the Fourth Amendment and FISA, told senators, firstly, that Article II of the U.S. Constitution granted a president authority to conduct such monitoring and, secondly, that the Authorization to Use Military Force (AUMF) passed after September 11 specified that the president could "use all necessary and appropriate force" to prevent future terrorist acts. Regarding FISA, Gonzalez claimed, the NSA had sidestepped its requirements to obtain warrants for electronic eavesdropping in particular cases. But, overall, the attorney general said, FISA worked well and the authorities had used it increasingly. The available facts support Gonzalez's contention: while the FISA court issued about 500 warrants per year from 1979 through 1995, in 2004 (the last year for which public records exist) 1,758 warrants were issued.

But when senators asked why, given the fact that FISA had provisions by which government agents could wiretap first and seek warrants later, the Bush administration had sidestepped its requirements at all, Gonzalez claimed he couldn't elaborate for reasons of national security.

Former NASA director General Michael Hayden, in charge when the NSA's surveillance program was initiated in 2002, was slightly more forthcoming. FISA wasn't applicable in certain cases, he told the senators, because the NSA's surveillance relied on what he called a "subtly softer trigger" before full-scale eavesdropping began. Hayden, who is nowadays the nation's second-highest ranking intelligence official, as deputy director of national intelligence, said he could answer further questions only in closed session.

… testimony that the government is making increased use of FISA, together with his refusal to explain why it's inapplicable in some cases -- even though retroactive warrants can be issued -- implies that the issue isn't simply that government agents may sometimes want to act quickly. FISA rules demand that
old-fashioned "probable cause" be shown before the FISA court issues warrants for electronic surveillance of a specific individual. Probable cause would be inapplicable if NSA were engaged in the automated analysis and data mining of telephone and e-mail communications in order to target possible terrorism suspects.

… NSA has access to the switches and records of most or all of the nation's leading telecommunications companies. These companies' resources are extensive:

AT&T's data center in Kansas, for instance, contains electronic records of 1.92 trillion telephone calls over several decades.

… the majority of international telecommunications nowadays no longer travel by satellite, but by undersea fiber-optic cables, so many carriers route international calls through their domestic U.S. switches.

With the companies' compliance, the NSA can tap into those international communications far more easily than in the past, and in real time (or close to it). The NSA's supercomputers can digitally vacuum up every call placed on a network and apply an arsenal of data-mining tools.

Traffic analysis, together with social network theory, can, in theory, reveal patterns indiscernible to human analysts, possibly suggesting terrorist activity. Content filtering, applying highly sophisticated search algorithms and powerful statistical methods like Bayesian analysis in tandem with machine learning, can search for particular words or language combinations that may, in theory, indicate terrorist communications.

In practice … they produce massive watch lists and time wasting false alarms.

Whether the specific technologies developed under TIA and acquired by ARDA have actually been used in the NSA's domestic surveillance programs -- rather than only for intelligence gathering overseas -- has not been proved. Descriptions of the two former TIA programs that became Topsail and Basketball mirror descriptions of ARDA and NSA technologies for analyzing vast streams of telephone and e-mail communications. One project manager active in the TIA program before it was terminated has gone on record to the effect that, while TIA was still funded, its researchers communicated regularly and maintained "good coordination" with their ARDA counterparts.

This is the point. Whether or not those specific TIA technologies were deployed for domestic U.S. surveillance, technologies very much like them were. In 2002 ARDA awarded $64 million in research contracts for a new program called Novel Intelligence from Massive Data. A 2004 survey by the U.S. General Accounting Office, an investigative arm of Congress, found federal agencies operating or developing 199 data mining projects, with more than 120 programs designed to collect and analyze large amounts of personal data on individuals to predict their behavior. The accounting office excluded most of the classified projects, so the actual numbers would have been higher.

And, there exist all the data-mining applications currently employed in the private sector for purposes like detecting credit card fraud or predicting health risks for insurance. All of that information goes into databases which, given sufficient government motivation or even the normal mission creep, may sooner or later be accessible to the authorities.

How should data-mining technologies like TIA be applied in a democracy? It makes little sense to insist on rigid interpretations of the FISA law was passed by Congress 30 years ago. Terrorist threats on al Qaeda's scale did not exist and technological developments hadn't given unprecedented destructive power to small groups and individuals.…

In an essay published next month in the New York University Review of Law and Security, titled "Whispering Wires and Warrantless Wiretaps: Data Mining and Foreign Intelligence Surveillance," K. Taipale, executive director of the Center for Advanced Studies in Science and Technology Policy, points out that in 1978, when FISA was drafted, it made sense to speak exclusively about intercepting a targeted communication, where there were usually two known ends and a dedicated communication channel that could be wiretapped.

Today data, and increasingly voice communications, are broken into discrete packets. Intercepting such communications requires that filters be deployed at various communication nodes to scan all passing traffic with the hope of finding and extracting the packets of interest and reassembling them. Even targeting a specific message from a known sender today generally requires scanning and filtering the entire communication flow in which it's embedded. Given that situation, Taipale argues, were FISA to be "applied strictly according to its terms prior to any 'electronic surveillance' of foreign communication flows passing through the U.S. or where there is a substantial likelihood of intercepting U.S. persons, then no automated monitoring of any kind could occur."

Taipale, but not the Bush administration, proposes not that FISA should be modified to allow for the electronic surveillance equivalent of a Terry stop -- under U.S. law, the brief "stop and frisk" of a person by a law enforcement officer based on the legal standard of reasonable suspicion. In the context of automated data mining, it would mean that if suspicion turned out to be unjustified, after further monitoring, it would be discontinued. If, on the other hand, continued suspicion was reasonable, then it would continue, and at a certain point be escalated so that human agents would be called in to decide whether a suspicious individual's identity should be determined and a FISA warrant issued.

Of course, that turns the Bill of Rights on its head.

To attempt to maintain FISA and the rest of our current laws about privacy without modifications to address today's changed technological context, Taipale insists, amounts to a kind of absolutism that is ultimately self-defeating. For example, one of the technologies in the original TIA project, the Genisys Privacy Protection program, was intended to enable greater access to data for security reasons while simultaneously protecting individuals' privacy by providing critical data to analysts via anonymized transaction data and by exposing identity only if evidence and appropriate authorization was obtained for further investigation. Ironically, Genisys was the one technology that definitely had its funding terminated and was not continued by another government agency after the public outcry over TIA.

Home page image is available under GNU Free Documentation License 1.2. Caption: Original logo of the now-defunct Total Information Awareness Office, which drew much criticism for its "spooky" images.

con·cept: Persons, Houses, Papers and Effects