NSA, Which Once Claimed It Needed Every Phone Record, Now Claims It Actually Gets Less Than 20%
from the is-that-supposed-to-be-comforting? dept
Ever since the first Snowden leaks about the way the NSA interpreted Section 215 of the PATRIOT Act to allow it to collect all call records from various telcos, one of the key arguments that has been made by the program's defenders is that it was necessary to have every single call record to make the important connections between terrorists. Multiple officials have argued that to find the "needle in the haystack" they need to be able to collect the whole haystack. In fact, that was part of the argument made by the few judges who have reviewed and approved this program. In the very first FISC ruling that actually analyzed the legality of the program (as opposed to earlier approvals that never bothered with an analysis), the court clearly indicated that it was necessary to collect everything:The government depends on this bulk collection because if production of the information were to wait until the specific identifier connected to an international terrorist group were determined, most of the historical connections (the entire purpose of this authorization) would be lost. The analysis of past connections is only possible "if the Government has collected and archived a broad set of metadata that contains within it the subset of communications that can later be identified as terrorist-related." Because the subset of terrorist communications is ultimately contained within the whole of the metadata produced, but can only be found after the production is aggregated and then queried using identifiers determined to be associated with identified international terrorist organizations, the whole production is relevant to the ongoing investigation out of necessity.That legal tapdancing aside, it basically argues that the only way this data makes sense is if the NSA has all of it. Similarly, when Judge William Pauley found the program legal late last year, he too relied on the argument that the NSA needed all the data.
And yet... it appears that they're actually not getting that much data. A new report from the Washington Post claims that the NSA is actually only getting between 20 to 30% of the data. The Wall Street Journal rushed out a quick story claiming it's actually less than 20%.
Apparently, while the NSA has gotten approvals to get data on landline calls from Verizon and AT&T, it actually hasn't yet gone after the same data from most mobile phone calls. For example, even though it gets Verizon landlines, it apparently does not collect the data on Verizon Wireless. Nor does it collect the data from T-Mobile. There are somewhat conflicting reports as to why this is, but the Washington Post piece suggests that the incident in 2009 in which FISC chief judge Reggie Walton nearly shut the whole program down over compliance failures has basically stopped the NSA from updating the program, because everywhere they look there have been more (you guessed it) compliance failures, and they're simply not set up to handle mobile phone data. Update: And some are questioning the whole claim here, noting that the orders that have been revealed do appear to request IMEI and IMSI data -- information that is only associated with mobile phones.
“It’s not simply the ability to go to the court and order some vendor to give you more records, but you have to make sure that the [agency’s collection system] is prepared and ready to take the data and meet all the requirements of the court,” the former official said. “You don’t want to turn it on and get hundreds of millions of records, only to find out that you’ve got the moral equivalent of raw sewage spilling into the Chesapeake Bay.”Basically, there have been so many compliance problems that the NSA has had to work overtime to try to fix their systems and prepare for an influx of mobile phone data. The Wall Street Journal version of the report says that part of the problem is the NSA can't figure out how to strip location data from mobile phone data, and because collecting that information might lead to compliance issues, they haven't been able to figure out how to do it without running into more trouble down the road.
The process of preparing the system can take months, said the senior U.S. official, adding that mobile calls have different data elements than land-line calls. “That’s a really detailed set of activities where we get sample data in, and we march it through our systems,” the official said. “We do that again and again and again. We put in auditing procedures to make sure it works. So before we turn on that mobility data, we make sure it works. . . . It’s very complex.”
Compounding the challenge, the agency in 2009 struggled with compliance issues, including what a surveillance court found were “daily violations of the minimization procedures set forth in [court] orders” designed to protect Americans’ call records that “could not otherwise have been legally captured in bulk.”
As a result, the NSA’s director, Gen. Keith Alexander, ordered an “end-to-end” review of the program, during which additional compliance incidents were discovered and reported to the court. The process of uncovering problems and fixing them took months, and the same people working to address the compliance problems were the ones who would have to prepare the database to handle more records.
But fear not, surveillance state lovers, the NSA is getting ready and its goal is to get back to collecting nearly every phone record from every phone provider. Once the systems are in place, they appear to fully intend to send over some requests to the FISA court to get all those mobile operators to comply as well. One hopes that, this time, with so much more awareness of what's going on, at least one of those mobile operators will fight back.
Either way, this whole thing actually shows just how ridiculous the NSA's claims are that it absolutely needs all this data to keep us safe. The very fact that this report is coming out in both the Washington Post and the Wall Street Journal at nearly the same time suggests a stupid sort of PR attempt on the part of the NSA, which seems to think that after months of insisting they need it all, they can now placate people by saying "well, we really only collect about 20% of the data (though we're hoping to collect it all)." Not only does this actually highlight the widespread compliance problems with this data, it further shows that the argument that somehow collecting it all is necessary to keep us safe is just completely wrong.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: bulk metadata, cell phones, compliance issues, location data, mobile phones, nsa, phone records, section 215, surveillance
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Read more carefully
Also the Post says less than 30% of _call records_ - those have two phone numbers on them so if a person is calling a friend with another carrier they only have to get one of the two call records to know. So at a high level this could be call coverage of 50-60% of calls of Americans.
Also is this different for calls to businesses are those included or excluded in the information above? Assuming this also does not count calls with American on one end and foreign on the other.
What about calls they don't know the location of the origination or termination of calls? Are those counted for or against the total?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
End the NSA
[ link to this | view in chronology ]
I call Security Theatre BULLSHIT!
They got caught in the bathroom stall with the pooch bent over fucking that dog, with Clapper and Alexander holding the tail, waiting their turn, and you expect me to believe they are only collecting LANDLINE data?
What self-respecting terrorist would even speak aloud within ear(wiretap)shot of a landline?
How about this for the next big NSA/Pinocchio lie that we want you all to believe:
"The NSA's section 215 phone meta-data collection program was only collecting less than %30 of Americans calls, because the program was only used for FAX lines."
Why you ask, because everyone who hates the American police state has seen Eagle Eye, and already knows they can remotely bug you with your camera-phone and mic and vector in a predator with hellfire missiles and blow up the whole wedding party! So fellow jihadists only use land-line FAX machines to coordinate strikes against the Great Satan. My good friend and financial backer Dianne "you're gonn'a love the next whopper you read about in the paper" Feinstein has assured me they are only monitoring cellphones!
It was the single greatest intelligence victory since the cracking of the enigma machine, and we all have the NSA and all of the other shills in washington to thank for it!
Hey NSA THANKS FOR KEEPING US SAFE!!!
assholes
[ link to this | view in chronology ]
[ link to this | view in chronology ]
30% of the world
[ link to this | view in chronology ]
NSA Time Machine
Well yes, you don't to go back in time and find out what someone you just met today did last year.
And even this is ridiculous since the phone companies keep records for a significant amount of time themselves.
Wish I could start a phone company that expressly DIDN'T log anything. It certainly 'could' to comply with legal requests, but by default nothing is logged. sigh.
[ link to this | view in chronology ]
Landlines are obsolete and people are dropping it with the exception of older folk who haven't changed. It's gotten such a small figure of the population that AT&T has requested that the FCC let them drop service.
So from that, the NSA is trying to say that all their terrorist concerns are from the elderly who are a diminishing part of the population as the years go by.
This is nothing more than BS hoping to fool and calm the public who are pushing for things to change. They are again afraid of losing their precious.
[ link to this | view in chronology ]
Re:
http://www.timmins.net/2013/12/11/how-att-verizon-and-comcast-are-working-together-to-scr ew-you-by-discontinuing-landline-service/ explains what their intentions are. Thankfully, the bill discussed has not passed.
[ link to this | view in chronology ]
Only 20%? No wonder they failed to stop Boston.
With 20%, can you wonder that they failed to listen?
[ link to this | view in chronology ]
As my good friend Gollum said about the NSA
Pantsies on firesies.
[ link to this | view in chronology ]
So you DONT have access to all our date, but you DO want access to our data, oh yeah, because THATS not the thing i was not most worried about /s
Assuming you've "decided" to tell the truth this time, i dont want you to unwittingly strain yourselves over such a small thing like the truth or anything
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
0.5 % supervision is sufficient to control a fascist slave state
[ link to this | view in chronology ]
A reasonable person accepts the loss, a lunatic doubles down.
[ link to this | view in chronology ]
Re:
At some point after looking through a haystack for a needle, you have to ask yourself, "Is it really worth ruining all that hay for one needle?"
A reasonable person accepts the loss.
[ link to this | view in chronology ]