ODNI Tasks Researchers With Figuring Out How To Store Section 215 Collections Off-Site

from the still-looking-at-the-symptoms,-rather-than-the-sickness,-however dept

One of the few stipulations in Obama's NSA reforms was to transfer the Section 215 collections to a third party and out of the NSA's direct control. The assumption is that these records will be held by those generating them -- the telcos. But the telcos have made it apparent that, while they have no problem asking "how high" whenever the NSA says, "jump," they have no interest in storing the records onsite. The administration didn't specifically order anyone to take control of the records, basically punting the issue to Congress and the DOJ and "allowing" them to sort it out.

For better or worse, the ODNI has already taken action toward fulfilling the president's order.

The Office of the Director of National Intelligence has paid at least five research teams across the country to develop a system for high-volume, encrypted searches of electronic records kept outside the government's possession. The project is among several ideas that could allow the government to store Americans' phone records with phone companies or a third-party organization, but still search them as needed.
These researchers' suggestions will be weighed against anything the DOJ or Congress has to offer, albeit with a slight hometeam advantage. There are some protections the ODNI has specified that may make its conclusions preferable to others, in terms of data security at least, and possibly provide more flexibility for shifting records to whatever entity(ies) is left holding the metadata bag.
Under the research, U.S. data mining would be shielded by secret coding that could conceal identifying details from outsiders and even the owners of the targeted databases, according to documents obtained by The Associated Press and interviews with researchers, corporate executives and government officials…

An encrypted search system would permit the NSA to shift storage of phone records to either phone providers or a third party, and conduct secure searches remotely through their databases. The coding could shield both the extracted metadata and identities of those conducting the searches, Bellovin said. The government could use encrypted searches to ensure that its analysts were not leaking information or abusing anyone's privacy during their data searches. And the technique could also be used by the NSA to securely search out and retrieve Internet metadata, such as emails and other electronic records.
This would ease the logistics problem and (theoretically) reduce the possibility of abuse. But it doesn't eliminate every problem, including the "why" of collecting and storing millions of irrelevant phone records. While it will reduce the odds of abuse, it doesn't eliminate that prospect. Another concern is the fact that the use (as opposed to the collection and storage) of the data will still be removed from any meaningful oversight.

On a more positive note, the encrypted search requirement would stave off hacking attempts and prevent the phone companies from knowing which records have been searched. Of course, while preventing the phone companies from knowing what's going on with their records does some damage to the recently loosened restrictions on government access reporting, it does at least eliminate one of the telcos' objections to maintaining the collected data onsite. (Although it can be argued that the telcos -- Verizon and AT&T especially -- have been so compliant over the years that storing data onsite won't be remarkably different than storing it at NSA data centers.)

There are some pluses to the ODNI's efforts, but the question of why the collection is needed still hasn't been answered. The administration's cosmetic reforms placed a few restrictions on the Section 215 program but completely avoided addressing the overall uselessness of the Fourth Amendment-skirting program. As the program morphs to meet the few requirements given, the NSA's supporters are likely to greet each change with more proclamations of the damage being done to national security. (Not that they haven't started already…)

Ultimately, the NSA has no need to keep the data onsite, considering it will now have to seek court approval before searching the database. It will still have some leeway to bypass the judicial constraints thanks to National Security Letters, but for the most part, it's a return to its 2009 restraints as ordered by FISC judge Reggie Walton after observing "systemic abuse" of the bulk records collections. With this in place, the agency can't really argue that uninterrupted, direct access is needed as it will be something it no longer has, onsite or not. Placing another small hurdle simply makes it a bit more difficult to abuse the collection and, after having free rein for so many years, a little friction is exactly what the agency needs to experience.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: bulk metadata, james clapper, nsa, odni, patriot act, privacy, section 215, surveillance


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    Namel3ss (profile), 29 Jan 2014 @ 3:57pm

    To remind everyone about Julian Sanchez's tweet:

    Section 215 allows the *FBI* to get *records* that are *relevant* to an actual *investigation*.

    PCLOB: NSA program fails on "FBI", "records," "relevant" & "investigation."

    When do we all pull out the torches and pitchforks? I for one am ready.

    link to this | view in thread ]

  2. icon
    qyiet (profile), 29 Jan 2014 @ 4:21pm

    Easy Solution

    Just move it all to /dev/null it's surprisingly fast, cheap, and scalable.

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 29 Jan 2014 @ 4:31pm

    This is a band-aid that won't fix anything. It sounds like "mandatory" bulk data collection, to me. It's only "voluntary" if there's a way to opt-out of the bulk data collection.

    link to this | view in thread ]

  4. identicon
    @b, 29 Jan 2014 @ 4:32pm

    o rly

    >> the encrypted search requirement would stave off hacking attempts

    That would depend largely on whether (A) the encryption was intentionally crippled with a backdoor, and (B) a new high-value high-volume high-security database was of any interest as a target in a world full of highly-sophisticated hacker collectives.

    link to this | view in thread ]

  5. identicon
    Anonymous Coward, 29 Jan 2014 @ 4:39pm

    Im sorry, but when was it decided that "telcos" could even STORE the data, beyond what is needed in order to make the system funtion as expected, unless they have and ive missed it, consider this....."sneaking it in"

    Always trust the government to exploit a crisis

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 29 Jan 2014 @ 4:41pm

    what bollocks! unless this data mining and retention are stopped, the NSA and any other security agency that wants to will be sifting through them all, or have them sifted through with any and all results handed to them. it wont matter whose mails or whatever they have they will be scanned, sorted and stored so that every single innocent person, whether in or out of the USA is gonna be a suspected terrorist and/or criminal.
    as for the bit about 'anyone outside of the USA being fair game', i reckon the USA needs to watch itself. it may think everyone is fair game but it dont mean the other countries are gonna be compliant to those thoughts, especially after what has been revealed up to now over citizens and heads of EU countries! there could be a bigger heap of shit thrown America's way than it wants. it has struggled so far to retain that shit from really hitting fan, with only the thick fucking UK government under Obama's arse licker, Cameron, not going mad for obvious reasons. with the legal challenges going to be conducted in the not too distant future, the UK needs to watch it's step!!

    link to this | view in thread ]

  7. identicon
    Anonymous Coward, 29 Jan 2014 @ 5:11pm

    And who will be paying for the servers needed to host the data?
    The government will, using funds currently dedicated to NSA's PRISM servers.

    And guess what will happen once the telcos will have optimized the infrastructure to cut costs?

    It is a way to tie the hands of the telcos to cooperate even more, as it sort of guaranties them possibly huge incomes, and even if it is not the case, the mere possibility that it could be used that way is frightening.

    If decentralizing the storage sort of mitigates some risks of abuses from the NSA, it also dilutes responsibilities. It is currently hard enough to deal with the "NSA problem"; is it really a good idea to welcome a potential "NSA + every single telco problem"?

    link to this | view in thread ]

  8. identicon
    V, 29 Jan 2014 @ 5:19pm

    The coding could shield both the extracted metadata and identities of those conducting the searches, Bellovin said. The government could use encrypted searches to ensure that its analysts were not leaking information or abusing anyone's privacy during their data searches.

    Aren't these statements in direct conflict? Even if someone who is not an "analyst" is technically making the search and reporting the data, how is hiding the identity of the searcher going to prevent leakers and/or abuse? Isn't that just shifting the risk of abuse and leakage to a third party? If the third party providing the search and the details of how the NSA is using the data are kept separate by being separate entities, I could maybe see an argument that leakers are reduced (no one has enough of the puzzle to form a complete picture). This is not the case for people abusing their access to the data, IMO.

    link to this | view in thread ]

  9. identicon
    Anonymous Coward, 29 Jan 2014 @ 6:01pm

    "For better or worse, the ODNI has already taken action toward fulfilling the president's order."


    Stop right there: Since when the executive branch creates the laws in this country?

    link to this | view in thread ]

  10. identicon
    Anonymous Coward, 29 Jan 2014 @ 6:27pm

    I hear "Target" is on the short list

    or a contractor, that would hire an idiot like Snowden.

    link to this | view in thread ]

  11. icon
    artp (profile), 29 Jan 2014 @ 7:01pm

    Oh, great!

    This will be let to the lowest bidder you know. Kiss your [remaining] privacy goodbye...

    link to this | view in thread ]

  12. icon
    artp (profile), 29 Jan 2014 @ 7:06pm

    Re:

    You have to understand how they think.

    Before this, they were doing it all by their lonesome, behind a curtain so we couldn't see them violating our constitutional rights.

    Well, now that they are getting called on this, they have to think of a way to keep doing what they are doing without looking like they are doing it. And they really, REALLY like that curtain, so they are going to drag it along with them, even though it doesn't make sense.

    So, the new idea is to get it away from the NSA. And they will contract it. Planning stopped about three milliseconds before the plan reached this stage, so now we have a worse situation than we did before. Now we are having our constitutional rights violated at the same time as we lose more of our privacy, and at roughly the same cost, but with far more data breaches.

    Who said you couldn't do more with less?

    link to this | view in thread ]

  13. identicon
    Anonymous Coward, 29 Jan 2014 @ 8:40pm

    Maybe they can ask Kim Dotcom to store their data on his new Mega servers.

    link to this | view in thread ]

  14. identicon
    Anonymous Coward, 29 Jan 2014 @ 10:54pm

    Re:

    You can't do it out loud! They'll find you and arrest you for 'Crimes against the Constitution'! Which only means that their CHA was a dump stat.

    link to this | view in thread ]

  15. identicon
    xiaozhi, 29 Jan 2014 @ 10:58pm

    The solution is obvious, no?

    Sell the Bluffdale UT data center to Booz Allen for $1 and have them act as custodian.

    link to this | view in thread ]

  16. identicon
    Anonymous Coward, 30 Jan 2014 @ 9:38am

    Re:

    My thoughts exactly. This just means that because the identities of who is conducting a search is concealed, there is no way to audit the searches to see if the search was made by a person who was authorized for the proper reasons. This makes it worse not better. Every search performed by every person needs to at least be logged so that it can be reviewed where the analyst conducting the search will have to prove that the proper procedures were followed, and proper authorizations were made (ie. case number of the investigation that it pertains to as well as the warrant that was issued that authorized it.)

    link to this | view in thread ]

  17. identicon
    Peter Gerdes, 30 Jan 2014 @ 9:15pm

    Actually Totally Plausible

    One could implement both of the following. The identity of who conducted any given search is hidden but only those with a manager level key can approve a search.

    This would, indeed, be a good way to control so called LOVINT and other low level abuses that are in the news now. However, while creepy these abuses aren't the real danger. They merely demonstrate the danger posed by someone with manager level access engaged in something more diabolical than stalking potential or former lovers. While I suspect a knowingly evil/anti-US motive is unlikely it seems totally plausible that a manager could be convinced that some candidate would be a disaster for the US and use their position to spy on the least reputable associates of a political candidate.

    However, the system could be designed so that the supervisors have the appropriate cryptographic keys to supervise their underlings.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.