[tt] NYT: N.S.A. Gathers Data on Social Connections of U.S. Citizens

[Eugen Leitl]

----- Forwarded message from Frank Forman <checker at panix.com> -----

Date: Mon, 30 Sep 2013 15:42:01 +0000 (GMT)
From: Frank Forman <checker at panix.com>
To: Transhuman Tech <tt at postbiota.org>
Subject: [tt] NYT: N.S.A. Gathers Data on Social Connections of U.S. Citizens

Laura Poitras was featured on the cover of the NYT Magazine, which
article I sent to this list. Now she has an NYT byline, which is as
respectable as you can get.

N.S.A. Gathers Data on Social Connections of U.S. Citizens
http://www.nytimes.com/2013/09/29/us/nsa-examines-social-networks-of-us-citizens.html

By JAMES RISEN and LAURA POITRAS

WASHINGTON--Since 2010, the National Security Agency has been
exploiting its huge collections of data to create sophisticated
graphs of some Americans' social connections that can identify their
associates, their locations at certain times, their traveling
companions and other personal information, according to newly
disclosed documents and interviews with officials.

The spy agency began allowing the analysis of phone call and e-mail
logs in November 2010 to examine Americans' networks of associations
for foreign intelligence purposes after N.S.A. officials lifted
restrictions on the practice, according to documents provided by
Edward J. Snowden, the former N.S.A. contractor.

The policy shift was intended to help the agency "discover and
track" connections between intelligence targets overseas and people
in the United States, according to an N.S.A. memorandum from January
2011. The agency was authorized to conduct "large-scale graph
analysis on very large sets of communications metadata without
having to check foreignness" of every e-mail address, phone number
or other identifier, the document said. Because of concerns about
infringing on the privacy of American citizens, the computer
analysis of such data had previously been permitted only for
foreigners.

The agency can augment the communications data with material from
public, commercial and other sources, including bank codes,
insurance information, Facebook profiles, passenger manifests, voter
registration rolls and GPS location information, as well as property
records and unspecified tax data, according to the documents. They
do not indicate any restrictions on the use of such "enrichment"
data, and several former senior Obama administration officials said
the agency drew on it for both Americans and foreigners.

N.S.A. officials declined to say how many Americans have been caught
up in the effort, including people involved in no wrongdoing. The
documents do not describe what has resulted from the scrutiny, which
links phone numbers and e-mails in a "contact chain" tied directly
or indirectly to a person or organization overseas that is of
foreign intelligence interest.

The new disclosures add to the growing body of knowledge in recent
months about the N.S.A.'s access to and use of private information
concerning Americans, prompting lawmakers in Washington to call for
reining in the agency and President Obama to order an examination of
its surveillance policies. Almost everything about the agency's
operations is hidden, and the decision to revise the limits
concerning Americans was made in secret, without review by the
nation's intelligence court or any public debate. As far back as
2006, a Justice Department memo warned of the potential for the
"misuse" of such information without adequate safeguards.

An agency spokeswoman, asked about the analyses of Americans' data,
said, "All data queries must include a foreign intelligence
justification, period."

"All of N.S.A.'s work has a foreign intelligence purpose," the
spokeswoman added. "Our activities are centered on counterterrorism,
counterproliferation and cybersecurity."

The legal underpinning of the policy change, she said, was a 1979
Supreme Court ruling that Americans could have no expectation of
privacy about what numbers they had called. Based on that ruling,
the Justice Department and the Pentagon decided that it was
permissible to create contact chains using Americans' "metadata,"
which includes the timing, location and other details of calls and
e-mails, but not their content. The agency is not required to seek
warrants for the analyses from the Foreign Intelligence Surveillance
Court.

N.S.A. officials declined to identify which phone and e-mail
databases are used to create the social network diagrams, and the
documents provided by Mr. Snowden do not specify them. The agency
did say that the large database of Americans' domestic phone call
records, which was revealed by Mr. Snowden in June and caused
bipartisan alarm in Washington, was excluded. (N.S.A. officials have
previously acknowledged that the agency has done limited analysis in
that database, collected under provisions of the Patriot Act,
exclusively for people who might be linked to terrorism suspects.)

But the agency has multiple collection programs and databases, the
former officials said, adding that the social networking analyses
relied on both domestic and international metadata. They spoke only
on the condition of anonymity because the information was
classified.

The concerns in the United States since Mr. Snowden's revelations
have largely focused on the scope of the agency's collection of the
private data of Americans and the potential for abuse. But the new
documents provide a rare window into what the N.S.A. actually does
with the information it gathers.

A series of agency PowerPoint presentations and memos describe how
the N.S.A. has been able to develop software and other tools--one
document cited a new generation of programs that "revolutionize"
data collection and analysis--to unlock as many secrets about
individuals as possible.

The spy agency, led by Gen. Keith B. Alexander, an unabashed
advocate for more weapons in the hunt for information about the
nation's adversaries, clearly views its collections of metadata as
one of its most powerful resources. N.S.A. analysts can exploit that
information to develop a portrait of an individual, one that is
perhaps more complete and predictive of behavior than could be
obtained by listening to phone conversations or reading e-mails,
experts say.

Phone and e-mail logs, for example, allow analysts to identify
people's friends and associates, detect where they were at a certain
time, acquire clues to religious or political affiliations, and pick
up sensitive information like regular calls to a psychiatrist's
office, late-night messages to an extramarital partner or exchanges
with a fellow plotter.

"Metadata can be very revealing," said Orin S. Kerr, a law professor
at George Washington University. "Knowing things like the number
someone just dialed or the location of the person's cellphone is
going to allow them to assemble a picture of what someone is up to.
It's the digital equivalent of tailing a suspect."

The N.S.A. had been pushing for more than a decade to obtain the
rule change allowing the analysis of Americans' phone and e-mail
data. Intelligence officials had been frustrated that they had to
stop when a contact chain hit a telephone number or e-mail address
believed to be used by an American, even though it might yield
valuable intelligence primarily concerning a foreigner who was
overseas, according to documents previously disclosed by Mr.
Snowden. N.S.A. officials also wanted to employ the agency's
advanced computer analysis tools to sift through its huge databases
with much greater efficiency.

The agency had asked for the new power as early as 1999, the
documents show, but had been initially rebuffed because it was not
permitted under rules of the Foreign Intelligence Surveillance Court
that were intended to protect the privacy of Americans.

A 2009 draft of an N.S.A. inspector general's report suggests that
contact chaining and analysis may have been done on Americans'
communications data under the Bush administration's program of
wiretapping without warrants, which began after the Sept. 11 attacks
to detect terrorist activities and skirted the existing laws
governing electronic surveillance.

In 2006, months after the wiretapping program was disclosed by The
New York Times, the N.S.A.'s acting general counsel wrote a letter
to a senior Justice Department official, which was also leaked by
Mr. Snowden, formally asking for permission to perform the analysis
on American phone and e-mail data. A Justice Department memo to the
attorney general noted that the "misuse" of such information "could
raise serious concerns," and said the N.S.A. promised to impose
safeguards, including regular audits, on the metadata program. In
2008, the Bush administration gave its approval.

A new policy that year, detailed in "Defense Supplemental Procedures
Governing Communications Metadata Analysis," authorized by Defense
Secretary Robert M. Gates and Attorney General Michael B. Mukasey,
said that since the Supreme Court had ruled that metadata was not
constitutionally protected, N.S.A. analysts could use such
information "without regard to the nationality or location of the
communicants," according to an internal N.S.A. description of the
policy.

After that decision, which was previously reported by The Guardian,
the N.S.A. performed the social network graphing in a pilot project
for 1 ½ years "to great benefit," according to the 2011 memo. It was
put in place in November 2010 in "Sigint Management Directive 424"
(sigint refers to signals intelligence).

In the 2011 memo explaining the shift, N.S.A. analysts were told
that they could trace the contacts of Americans as long as they
cited a foreign intelligence justification. That could include
anything from ties to terrorism, weapons proliferation or
international drug smuggling to spying on conversations of foreign
politicians, business figures or activists.

Analysts were warned to follow existing "minimization rules," which
prohibit the N.S.A. from sharing with other agencies names and other
details of Americans whose communications are collected, unless they
are necessary to understand foreign intelligence reports or there is
evidence of a crime. The agency is required to obtain a warrant from
the intelligence court to target a "U.S. person"--a citizen or
legal resident--for actual eavesdropping.

The N.S.A. documents show that one of the main tools used for
chaining phone numbers and e-mail addresses has the code name
Mainway. It is a repository into which vast amounts of data flow
daily from the agency's fiber-optic cables, corporate partners and
foreign computer networks that have been hacked.

The documents show that significant amounts of information from the
United States go into Mainway. An internal N.S.A. bulletin, for
example, noted that in 2011 Mainway was taking in 700 million phone
records per day. In August 2011, it began receiving an additional
1.1 billion cellphone records daily from an unnamed American service
provider under Section 702 of the 2008 FISA Amendments Act, which
allows for the collection of the data of Americans if at least one
end of the communication is believed to be foreign.

The overall volume of metadata collected by the N.S.A. is reflected
in the agency's secret 2013 budget request to Congress. The budget
document, disclosed by Mr. Snowden, shows that the agency is pouring
money and manpower into creating a metadata repository capable of
taking in 20 billion "record events" daily and making them available
to N.S.A. analysts within 60 minutes.

The spending includes support for the "Enterprise Knowledge System,"
which has a $394 million multiyear budget and is designed to
"rapidly discover and correlate complex relationships and patterns
across diverse data sources on a massive scale," according to a 2008
document. The data is automatically computed to speed queries and
discover new targets for surveillance.

A top-secret document titled "Better Person Centric Analysis"
describes how the agency looks for 94 "entity types," including
phone numbers, e-mail addresses and IP addresses. In addition, the
N.S.A. correlates 164 "relationship types" to build social networks
and what the agency calls "community of interest" profiles, using
queries like "travelsWith, hasFather, sentForumMessage, employs."

A 2009 PowerPoint presentation provided more examples of data
sources available in the "enrichment" process, including
location-based services like GPS and TomTom, online social networks,
billing records and bank codes for transactions in the United States
and overseas.

At a Senate Intelligence Committee hearing on Thursday, General
Alexander was asked if the agency ever collected or planned to
collect bulk records about Americans' locations based on cellphone
tower data. He replied that it was not doing so as part of the call
log program authorized by the Patriot Act, but said a fuller
response would be classified.

If the N.S.A. does not immediately use the phone and e-mail logging
data of an American, it can be stored for later use, at least under
certain circumstances, according to several documents.

One 2011 memo, for example, said that after a court ruling narrowed
the scope of the agency's collection, the data in question was
"being buffered for possible ingest" later. A year earlier, an
internal briefing paper from the N.S.A. Office of Legal Counsel
showed that the agency was allowed to collect and retain raw
traffic, which includes both metadata and content, about "U.S.
persons" for up to five years online and for an additional 10 years
offline for "historical searches."

James Risen reported from Washington and New York. Laura Poitras, a
freelance journalist, reported from Berlin.

_______________________________________________
tt mailing list
tt at postbiota.org
http://postbiota.org/mailman/listinfo/tt


----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20130930/0c784f9e/attachment-0001.sig>