The NSA's Lockbox Has No Lock

from the like-that-won't-be-abused? dept

One of the key points that officials have been making in defense of the NSA surveillance is this idea that even if they're collecting all this data on your communications, they can't actually do anything with it, because they keep it safely locked up in a lockbox, and only check it if they have some bit of data they want to find out about later. That was the crux of the claims made by former NSA/CIA boss Michael Hayden, who seemed to think that "data mining" and "asking the database questions" were two different things. However, as William Saletan is pointing out at Slate, the lockbox is a lie. There is no lockbox. He quotes officials including NSA boss Keith Alexander and Congress's number one NSA apologist, Rep. Mike Rogers, both suggesting strongly that even if the NSA is collecting all your data, it's safe because it can't be explored without a "very specific court-ordered approval process."

Except... what they conveniently left out is that the court doesn't review any of this. It appears that it probably set some very basic rules up front when it gave the okay on collecting the data, which no one else gets to know about, and no one carefully checks up on the NSA later to see if they really follow any of those rules. What the claims most certainly do not mean is that the NSA needs to get a court order to search the database. Senator Dianne Feinstein admitted as much directly:

Q: Is a court order necessary to query the metadata database?
Feinstein: Is a court order necessary to query—
Q: The metadata database under 215. An individual court order for each query.
Feinstein: A court order—well, I don't know what you mean by a query. A court order—
Q: To search the database.
Feinstein: To search the database, you have to have reasonable, articulable cause—
Q: Certified by a judge?
Feinstein: —to believe that that individual is connected to a terrorist group. You cannot—
Q: But does that have to be determined by a judge?
Feinstein: Could I answer? You may not like it, but I'll answer. Then you can query the numbers. The only numbers you have—there's no content. You have the name and the number called, whether it's one number or two numbers. That's all you have. Then you can get the numbers. If you want to collect content, then you get a court order.
Q: So you don't need a court order for the query itself.
Feinstein: That's my understanding.

And yet, as the article notes, most of the defenders of the program strongly imply otherwise, highlighting the "court-approved" process that people need to go through to query the database. But if there's no real oversight, and no court reviewing each query, then, as Saletan points out, there is no lockbox.

There's no lock on the lockbox.

That hasn't stopped current and former government officials from repeating the lockbox line. Yesterday Rogers used it again on Face the Nation. Dick Cheney, appearing on Fox News Sunday, backed him up. On Meet the Press, Michael Hayden, the guy who ran the NSA when it began collecting phone records, assured Rep. Bobby Scott (D-Va.), "The only way you can access the metadata is through a terrorist predicate." When Scott asked, "Where is that written?" Hayden replied: "It's in the court order." Really? Where's the court order? When is it applied, and how?

If the court isn't screening data requests, that leaves two possibilities. One is that nobody's screening them. The other is that some other, unknown entity is doing it in a way that nobody has explained. Either way, the answers we're getting are unacceptable. They betray privacy, public trust, and national security.

If there's no public standard, and no official oversight or review process, then the probability that the database is being abused approaches one very, very quickly.

Filed Under: court order, lockbox, nsa, nsa surveillance, oversight


Reader Comments



  1. identicon
    Anonymous Coward, 18 Jun 2013 @ 10:43am

    No locks eh?

    I'll bet it's not even encrypted, probably an ordinary MySQL (or probably MSSQL) database on a server somewhere.

    link to this | view in thread ]

  2. icon
    Uriel-238 (profile), 18 Jun 2013 @ 10:43am

    Mike when you said There's no Lock on the lockbox, my first thought is that this information lies unencrypted in an easily searchable system hooked up to the internet with, probably, a modest firewall at best.

    Which means any hacker worth his salt will be able to ALSO use the massive NSA database for their own ends.

    I'd like some reassurance of how few (or rather, how many) people actually have access to this supertrove of data.

    What would it take to force the NSA to purge the thing and stop?

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 18 Jun 2013 @ 10:45am

    "The NSA's Lockbox Has No Lock"

    Holy pfargtle. How do they put stuff into it?

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 18 Jun 2013 @ 10:45am

    "I don't know what you mean by a query."

    This is what happens when you have someone incapable of understanding basic terminology behind the technology they're using.

    link to this | view in thread ]

  5. identicon
    Anonymous Coward, 18 Jun 2013 @ 10:49am

    Re:

    "What would it take to force the NSA to purge the thing and stop?"

    Log in to the NSA database (I'll bet the password is 12345), then type:

    DROP `DATABASE`

    Done!

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 18 Jun 2013 @ 10:51am

    Re:

    The database is probably NOT on the Internet, NSA have their own network for obvious reasons, they are paranoid about anyone else getting their data. They pass carefully written reports to the government, with most sources and names removed. These are probably still on paper so that they can be locked in a safe.

    link to this | view in thread ]

  7. identicon
    Anonymous Coward, 18 Jun 2013 @ 10:51am

    Re: No locks eh?

    most likely MSSQL, the government doesn't like open source projects since you don't "own" it and it's more "secure".

    link to this | view in thread ]

  8. icon
    RyanNerd (profile), 18 Jun 2013 @ 10:54am

    Re: No locks eh?

    link to this | view in thread ]

  9. identicon
    Anonymous Coward, 18 Jun 2013 @ 10:57am

    Re: No locks eh?

    Let's check the Linkedin profile of the NSA employees responsible for building the database.

    link to this | view in thread ]

  10. identicon
    Anonymous Coward, 18 Jun 2013 @ 10:58am

    Re: Re:

    Yeah, so paranoid about people getting their data that they'll go to great lengths to set up the most secure and advanced digital lockbox in the world.

    Oh, wait.

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 18 Jun 2013 @ 10:58am

    Government officials are tech illiterate, the tech people know they are lying and they know why what they are saying is a lie.

    If you can query a database, the only thing stopping you from making other queries is you, not a judge, and if there is nobody looking there is no lock. Is the judge the one that gives some sort of digital key to open the query station for them?
    I doubt it is done that way.

    The analogue version of this would be locking someone in a warehouse full of documents collected from everywhere and leaving the guy in there only to come out and ask the judge to authorize his use of some piece of paper he found in there.

    The government is not naive, they know not to allow access to sensitive information to anybody, they put several layers of protection and when you need something you need to go ask authorization to someone to unlock so there is a paper trail, but somehow they devised a scheme where there are apparently zero real safeguards in place and are telling people that it works the way they say because they say so.

    Right.

    link to this | view in thread ]

  12. identicon
    Anonymous Coward, 18 Jun 2013 @ 10:59am

    Re: Re: No locks eh?

    Figures...

    link to this | view in thread ]

  13. This comment has been flagged by the community. Click here to show it
    identicon
    out_of_the_blue, 18 Jun 2013 @ 11:00am

    So why should you think Google is any better?

    Mike is only "against" the visibly gov't part of the surveillance grid. He not only doesn't worry about Google, which is a major source of NSA data in the first place, he promotes it.

    http://gawker.com/5491756/six-delusions-of-googles-arrogant-leaders

    Schmidt also said Google has been known to curb its own creepy impulses:

    "There are many, many things that Google could do, that we chose not to do... One day we had a conversation where we figured we could just try to predict the stock market. And then we decided it was illegal. So we stopped doing that."

    http://www.theregister.co.uk/2010/09/23/schmidt_on_colbert/

    Schmidt: 'Google doesn't do data mining'

    That last is EXACTLY what the NSA is saying here.

    link to this | view in thread ]

  14. identicon
    Michael, 18 Jun 2013 @ 11:00am

    1) a 4 year old
    2) a full candy jar
    3) an easily opened lid
    4) parents are out of the room

    Yeah, that plan is flawless.

    link to this | view in thread ]

  15. This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 18 Jun 2013 @ 11:02am

    You know I'm going to post it, Mikey. Whac-A-Mole is a losing game, and you know it. And you know I'll post so many more just like it. It's funny watching you try and stop me.

    link to this | view in thread ]

  16. identicon
    Anonymous Coward, 18 Jun 2013 @ 11:02am

    Re: So why should you think Google is any better?

    Where in this article did Mike say anything about Google?

    Go back to 4chan you troll.

    link to this | view in thread ]

  17. This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 18 Jun 2013 @ 11:06am

    Re:

    Yeah, he's trying to block me too! We're in this together man, we can do it, we can defeat this oppression! Who else is with us? You shall know us by our call!

    BAWK! BAWK! BAWK! Let's milk this chicken dry!

    link to this | view in thread ]

  18. identicon
    Anonymous Coward, 18 Jun 2013 @ 11:06am

    Re:

    You've gone completely off the deep end.

    link to this | view in thread ]

  19. identicon
    gnudist, 18 Jun 2013 @ 11:07am

    Re: So why should you think Google is any better?

    Utterly irrelevant as always blue


    You might as well have just asked for obama's long form birth certificate

    link to this | view in thread ]

  20. identicon
    John Doe, 18 Jun 2013 @ 11:07am

    Just wait 5 or 10 years when people run for office

    The fun will really start in 5 to 10 more years when someone decides to run for office and they are not part of the party in charge. Suddenly they will get visits from unsavory people suggesting they not run for office or their internet search history, phone history and email records will come to light. Maybe those records show the person was into weird stuff. Stuff he doesn't really want the public to know. This can/will become a tool for the party in charge to stay in charge for a long, long time.

    link to this | view in thread ]

  21. identicon
    Anonymous Coward, 18 Jun 2013 @ 11:09am

    Re: Re:

    Milk the chicken?

    Sounds sexy.

    link to this | view in thread ]

  22. identicon
    Anonymous Coward, 18 Jun 2013 @ 11:11am

    Re: Just wait 5 or 10 years when people run for office

    And now you know why Congress doesn't want to do anything.

    link to this | view in thread ]

  23. This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 18 Jun 2013 @ 11:13am

    Re: Re: Re:

    Why did the chicken milk the road? To get to the udder side.

    BAWK! BAWK! BAWK!

    link to this | view in thread ]

  24. identicon
    Anonymous Coward, 18 Jun 2013 @ 11:14am

    Re: Re: Re:

    Why do they even bother with the euphemisms?

    We all know what they're thinking about...

    link to this | view in thread ]

  25. identicon
    Anonymous Coward, 18 Jun 2013 @ 11:17am

    Re: Re: Re: Re:

    I get the feeling the reference to "milking" is a Freudian slip on Joe's part. He loves the BDSM lifestyle.

    link to this | view in thread ]

  26. icon
    RyanNerd (profile), 18 Jun 2013 @ 11:19am

    Damn Bureaucrats

    But sometimes if you look at what they say as a kind of dance. From the perspective that what they say as an art form it does take the stench out of the BS just a little. It can actually be an astonishingly amazing tap dance routine to witness:

    Q: But does that have to be determined by a judge?
    Feinstein: Could I answer? We see here a classic flaps step.
    You may not like it, but I'll answer. This is another classic step called digs.
    Then you can query the numbers. The only numbers you have—there's no content. This move is called the riff.
    You have the name and the number called, whether it's one number or two numbers. That's all you have. Then you can get the numbers. This is a complicated step called the Shuffle buffalo.
    If you want to collect content, then you get a court order.
    Finally we end with yet another very complicated step called the pull backs single to double.

    link to this | view in thread ]

  27. icon
    That One Guy (profile), 18 Jun 2013 @ 11:21am

    Re: Just wait 5 or 10 years when people run for office

    Oh it gets better, as they have no real oversight, there's nothing at all stopping them from creating any 'records' to use in that manner, because who exactly is going to be willing and able to call them out on it?

    link to this | view in thread ]

  28. identicon
    Anonymous Coward, 18 Jun 2013 @ 11:21am

    Re: Re: Re: Re:

    What are you, like five years old?

    link to this | view in thread ]

  29. This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 18 Jun 2013 @ 11:21am

    Re: Re: Re: Re: Re:

    The only BSDM lifestyle here is the chains of oppression that Pirate Mike the Chicken Milker and his kind wrap around our proxies, us the dissenters, us the master debaters!

    Let our people go!

    link to this | view in thread ]

  30. identicon
    Anonymous Coward, 18 Jun 2013 @ 11:24am

    Re: Re: Re: Re: Re: Re:

    "...the master debaters!"

    You sir, made me giggle so hard I peed a little.

    PS - Just noting that cuz Joe likes watersports.

    link to this | view in thread ]

  31. identicon
    Anonymous Coward, 18 Jun 2013 @ 11:27am

    Re: Re: Re: Re: Re: Re:

    "Pirate Mike the Chicken Milker"

    I just about died when I read that... I can't stop laughing...

    link to this | view in thread ]

  32. icon
    Rapnel (profile), 18 Jun 2013 @ 11:36am

    Re:

    He may have confused the fact that the system queries the operator when things need another look which may or may not lead to a request for immediate attention or a request to the secret court in order to bust out the man power.

    That and browsing the data feeds, gosh, in pretty much real real-time, is not exactly a well formed query. I can see how some clarification on the usage of "query" may have been necessary.

    link to this | view in thread ]

  33. icon
    Josh in CharlotteNC (profile), 18 Jun 2013 @ 11:39am

    Re: Re: No locks eh?

    Err, no, not exactly.

    SELinux was developed by the NSA.

    Of course, they don't seem to be taking advantage of the features they designed, namely the strong access control features.

    link to this | view in thread ]

  34. This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 18 Jun 2013 @ 11:42am

    See the post that You Know Who doesn’t want you to see: http://bit.ly/14gT9mc

    Why's he so desperate to censor this?

    link to this | view in thread ]

  35. icon
    Josh in CharlotteNC (profile), 18 Jun 2013 @ 11:43am

    Re: Re: Re: Re: Re:

    And yet that's still 3 years older than the person who started this thread.

    link to this | view in thread ]

  36. This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 18 Jun 2013 @ 12:01pm

    Why is Mike so scared of this post? Why must he censor it?

    http://bit.ly/14gT9mc

    link to this | view in thread ]

  37. identicon
    Anonymous Coward, 18 Jun 2013 @ 12:02pm

    We already know that the FBI abuses NSLs constantly and yearly reports show it continues.

    Here you have no oversight, no public visibility for verifying the process, and the court supposedly responsible for oversight doesn't.

    This sounds like a whole bunch of politicians who are in on it not wanting to be exposed and nearly everything you are hearing are lies.

    Only the light of public scrutiny will now clear up this stain.

    link to this | view in thread ]

  38. identicon
    wijnands, 18 Jun 2013 @ 12:44pm

    it's the police state you guys wanted

    Let's face it, it's the police state you guys brought onto yourselves. The only problem with it is that you force it upon the rest of the world.

    link to this | view in thread ]

  39. identicon
    AC Unknown, 18 Jun 2013 @ 12:54pm

    Re: Re: Re: Re: Re: Re:

    Shut up, troll.

    link to this | view in thread ]

  40. identicon
    Anonymous Coward, 18 Jun 2013 @ 1:00pm

    Re:

    They use quantum Mi-Go workers.

    link to this | view in thread ]

  41. identicon
    Anonymous?, 18 Jun 2013 @ 1:21pm

    to NSA: "terror, covert, afganistan, pakistan, chechnya"
    And now that you are paying attention;
    ' -- select concat('drop table if exists ', table_name, ' cascade;') from information_schema.tables; --

    link to this | view in thread ]

  42. identicon
    Anonymous Coward, 18 Jun 2013 @ 2:28pm

    Re:

    So, you think you should be allowed to know exactly what the NSA and/or the FBI is doing. And you should be allowed to scrutinize it. At the end of the Yellowbrick road you will find your fantasy land.

    link to this | view in thread ]

  43. icon
    John Fenderson (profile), 18 Jun 2013 @ 3:14pm

    Re: Re:

    I think that the activities of the NSA, CIA, or any other TLA should be public as far as possible. There are some circumstances where this isn't realistic. In those circumstances, though, there needs to be real, actual, authoritative, effective oversight by people who represent the US citizenry.

    Right now, there isn't. That's an even bigger problem than any individual program, as the lack of oversight is what allows these egregious individual programs to persist.

    link to this | view in thread ]

  44. This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 18 Jun 2013 @ 3:38pm

    See the link that Mike is desperate to censor: http://rdd.me/e9cd9hqe

    Mr. Freedom hates that his constituents even know this link exists.

    More to come!

    link to this | view in thread ]

  45. This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 18 Jun 2013 @ 7:34pm

    See the post that over 200 people on TD have seen. See the post that mike desperately doesn't want anyone to see. He's so desperate to hide this that he's blocking IPs, keywords, titles, and links.

    Mike hates this post so much that he's going out of his way to censor it: http://tr.im/44w44

    the next edition will be out very soon.

    How hard will he work to hide that from you too?

    link to this | view in thread ]

  46. identicon
    Anonymous Coward, 19 Jun 2013 @ 2:02am

    Actually, it IS possible to explain it. In simple English:
    no warrant: who you call
    warrant: what you said

    link to this | view in thread ]

  47. icon
    Ninja (profile), 19 Jun 2013 @ 4:04am

    So you are telling me that they'll behave and never look at data without a warrant despite it being readily available. Right.

    Then they say 9/11 could have been avoided if they had all that data. How do both statements fit together? The only possible way they could look at the data if available would be to have a court warrant which means they'd need to argue that there's a probable cause and this could only be done by normal police work which would have raised some data first.

    Providing a warrant is given, the telcos store metadata as what was collected for a good while thus making such preemptive surveillance completely unnecessary. Their own arguments kill each other.

    No really, just a peek.

    link to this | view in thread ]

  48. identicon
    Lurker Keith, 10 Jul 2013 @ 9:14pm

    Re:

    I don't know if this has anything to do w/ these Trolls claiming to be blocked by some automated process, but I have noticed Techdirt behaving strangely of late.

    The last few days (could be over a week or more; I've not been paying sufficient attention to when it started), Techdirt has been lagging, & I've been getting "Techdirt is not responding due to a long script running" errors.

    Today, I'm getting those script errors, & additional lagging, trying to uncollapse the Hidden posts (if I'm going to read the comments below them, I'd prefer to know what they're replying to... I do sometimes regret trying to read the IQ reducing stupid).

    I've been considering reporting these lags, & so now I have.

    I also will point out that I sometimes have to use IE10's Compatibility Mode a lot to get the Funny/ Insightful/ Report buttons to display (it's inconsistent, & sometimes even that doesn't work & an additional refresh is required).

    I have noticed that the pop-up whatever those are lag again, as well. & one has to keep being closed every refresh/ with each new page opened.

    Hopefully, this report is helpful enough to find out what the problems are.

    link to this | view in thread ]

