Friday, January 27, 2006

The NSA affair: it's about how they selected their intercepts

Cringely's sources say pretty much exactly what I guessed last week (in part from his prior column, but also from connecting other dots) -- the technical aspects of the NSA affair are about social network analysis of phone metadata.

So Bush is right when he claims only a few calls are tapped, but what he doesn't talk about, and what reporters don't ask him, is how the NSA decides which phones to tap. It's the process of figuring out who to go after that's technically interesting, but the real story is about the ability of the President to override Congress. That's a constitutional question that will go to the Supreme Court, and that's why Kerry and Kennedy are trying to filibuster Alito. I don't think they'll succeed, but I'm glad they're trying.
PBS | I, Cringely . January 26, 2006 - The Falafel Connection

... After last week's column, a number of readers wrote to explain that the National Security Agency's problem with complying with the Foreign Intelligence Surveillance Act (FISA) had to do with the sheer volume of wiretaps involved, which they guessed numbers in the millions or billions. Evidently, these worried readers think, the NSA has been long listening-in to ALL of our calls, and thought that might not go down well with the secret court that issues FISA warrants.

I don't think so.

The NSA has a very advanced program called Echelon for monitoring radio communication around the world, and probably intercepts a lot of phone calls that way, but for FISA-type wiretaps they tend to use the same outsourcing firms the phone companies use, and these generally tiny outfits can only handle a few thousand taps per year each.

By the way, if you are wondering whether YOUR phone could be easily tapped, just check to see if your phone company offers three-way dialing, because that's the feature we're talking about. If you can get it, they can get you. And if you are wondering whether VoIP service can't be tapped, the answer is both yes and no. For the moment, SIP services like Skype can't be tapped but that will change soon. And if you are a Vonage or Packet8 user, well they already have your number.

Here's what is most likely going on with the NSA and FISA from a guy who used to work for the NSA:

"What I think is going on here is that they're using social network analysis. They get some numbers or endpoints of interest, and start out with classical traffic analysis, which can all be done (as I think you pointed out) with pen registers or their moral equivalent. They look for other numbers, and follow the graph of connections by transitivity.

"It's well known that any graph of associations in the real world tends to generate cliques, and that the clique size for a social group of any sort tends to actually be fairly small. This is the 'six degrees of Kevin Bacon' effect. But in a social network, there will also be people with many edges coming to them, and many paths in the transitive closure of the graph of their relationships, and those people are often 'centers.'

"In fact, just that sort of analysis was done -- after the fact -- of the 9/11 hijackers (in this week's links).

"I would guess that the SNA is used to identify people of interest -- although there would be some false positives, like if they all rented apartments from the same rental management firm, or all ordered from the same we-deliver falafel place. But someone who shows up in the transitive network of a lot of calls from overseas, and is also a high edge-count in the SNA graph, is definitely someone to be interested in. I wouldn't be at all surprised if that's when they apply for a FISA warrant and start actually intercepting."

So what we have the NSA doing is probably data mining calling records in order to identify the people they want to order intercepts on. They are doing it without warrants because they like being sneaky, don't think they could get past the FISA court a warrant for 100 million calling records, and because the FISA law from 1978 probably doesn't distinguish between a pen-trap and an intercept.

If that's really the case, this doesn't sound quite as bad as we've feared. I feel better thinking that they are culling calling records rather than listening-in to my conversations. And it makes a lot more sense, from a pure technical capability standpoint.

So why couldn't they just tell us? Why couldn't they have simply amended the FISA law to take such activities into account? Because they like to be sneaky, tend to distrust even the people who pay them (that's us), and because they for some reason think that the bad guys won't figure this out for themselves.


But is it really Duh? Either al Qaeda is a lethal threat, and thus smart enough to figure this out on their own, or they have got a thin bench full of dolts who couldn't think their way out of a paper bag.

Either way, Bush is wrong. If al Qaeda is a lethal threat, then they've already figured this out and we could pass laws making this legal without tipping them off. On the other hand, if they have a thin bench, then we don't need the Long War and we shouldn't be shredding the Constitution.
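The traffic analysis described in the quoted passage, as an added example (not from Cringely's column or his source): it builds a contact graph from constructed call records, follows connections outward from a seed number, and shows that edge count alone ranks the shared falafel shop first, while also requiring overseas contacts leaves a single number. Every identifier, the `overseas-` prefix and the thresholds are assumptions made for the illustration.

```python
from collections import defaultdict, deque

# Constructed call records (caller, callee); every identifier is made up.
CALLS = [
    ("seed", "A"), ("seed", "B"), ("A", "C"), ("B", "C"), ("C", "D"),
    ("overseas-1", "C"), ("overseas-2", "C"), ("overseas-1", "A"),
    ("A", "falafel"), ("B", "falafel"), ("C", "falafel"), ("D", "falafel"),
    ("X", "falafel"), ("Y", "falafel"), ("Z", "falafel"), ("X", "Y"),
]

def is_overseas(number):
    # Assumption for this sample: foreign endpoints carry an "overseas-" prefix.
    return number.startswith("overseas-")

def build_graph(calls):
    """Undirected contact graph: who has exchanged a call with whom."""
    graph = defaultdict(set)
    for a, b in calls:
        graph[a].add(b)
        graph[b].add(a)
    return graph

def hops_from(graph, seeds, max_hops):
    """Breadth-first walk: follow connections transitively, up to max_hops."""
    dist = {s: 0 for s in seeds}
    queue = deque(seeds)
    while queue:
        node = queue.popleft()
        if dist[node] == max_hops:
            continue
        for peer in graph[node]:
            if peer not in dist:
                dist[peer] = dist[node] + 1
                queue.append(peer)
    return dist

def candidates(calls, seeds, max_hops, min_degree, min_overseas=0):
    """Numbers near the seeds with many edges and enough overseas contacts."""
    graph = build_graph(calls)
    near = hops_from(graph, seeds, max_hops)
    hits = []
    for number in near:
        if number in seeds or is_overseas(number):
            continue
        degree = len(graph[number])
        foreign = sum(1 for p in graph[number] if is_overseas(p))
        if degree >= min_degree and foreign >= min_overseas:
            hits.append((degree, number))
    return [n for _, n in sorted(hits, reverse=True)]
```

Calling `candidates(CALLS, ["seed"], 2, 4)` puts the falafel shop at the top of the list; adding `min_overseas=2` drops it, and the callers `X`, `Y` and `Z` only come within three hops of the seed because they ordered from the same shop.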
