NSA Appears To Be Chaining Calls Using Phone Numbers One Hop Out As New Originating Selectors

from the making-any-hop-limitations-pointless,-at-least-for-Clapper's-chain-gang dept

Thu, Jul 3rd 2014 3:35am — Tim Cushing

The ODNI's first transparency report put a lot of not very reassuring numbers on display, misusing the word "target" to give the impression that Section 702's ~90,000 targets were actually limited to 90,000 people, rather than, say, several thousand collection points gathering data and communications from several additional unspecified targets.

The ODNI also claimed it couldn't offer specifics on the number of people targeted by the 19,000+ NSLs issued last year, even while pointing to letters sent to Intelligence Committees and members of the administration that attempted to do exactly that. A caveat was appended to the 2013 letters, noting that the FBI's NSL target estimates were probably inflated due to the NSL's limitations and targeting specifications.

But there are further statistical "anomalies" hidden within the transparency report. The section detailing the business records program (aka, Section 501 [formerly Section 215]) listed a small number of targets as well, something entirely at odds with the NSA/FBI's demands for every phone record from certain providers. While there are only a certain number of RAS (reasonable articulable suspicion) approved selectors that can be used by the NSA to search the bulk records, there's apparently a workaround that allows analysts to access many more records within the database.

Marcy Wheeler of emptywheel spotted some wording in the two most recent FISA court orders (released late Friday afternoon) that confirms the agency is using numbers one hop out from the RAS-approved numbers as additional selectors, triggering even more contact chaining.

In that same motion it implemented the change in standard dragnet language that has been retained in these more recent dragnet orders: the NSA is chaining on “connections” as well as actual calls.

14 The first “hop” from a seed returns results including all identifiers (and their associated metadata) with a contact and/or connection with the seed. The second “hop” returns results that include all identifiers (and their associated metadata) with a contact and/or connection with an identifier revealed by the first “hop.

If it's any consolation, this new chains-upon-chains method apparently can't be performed automatically, most likely due to these automated searches not complying with FISA court limitations (rather than a lack of computing ability). The most recent bulk records orders note that these searches will now always be performed manually.

Queries of the BR metadata using RAS-approved selection terms for purposes of obtaining foreign intelligence information may occur by manual analyst query only.

As Wheeler notes, this wording may also indicate the agency's anticipation of bulk records being maintained and held by service providers, thus further limiting its splashing around in the collected metadata. But it does indicate that the recently-imposed "hop" limitation is nearly useless. Rather than simply searching one hop out from the RAS selector, the agency is having its analysts build contract chains starting from that hop and moving outward. This puts the agency right back where it was prior to the minimal restrictions placed on it by the administration's reform measures.

It's not a strictly legal move, no matter if it's automated or not. Feinstein's fake reform measures would have codified this quasi-legal procedure, as Wheeler points out. Denials offered by NSA officials may have had a slight ring of truth, especially if the automated system wasn't capable of meeting FISC stipulations, but it appears to be all systems go at this point.

Whether Administration witnesses were being deliberately deceitful when testifying about call-based chaining (“not wittingly!”) or the NSA only recently resumed doing connection based chaining manually, having given up on doing it automatically, one thing is clear. The NSA has been doing connection based chaining since at least February, and very few people in Congress know what that means. Nevertheless, they’re about to authorize that formally.

What the NSA buries in half-truths, carefully-worded denials and artful retractions always has the chance to become legally sanctioned by efforts like Feinstein's, which seek to codify the NSA's programs and instantly whitewash any past brushes with illegality. The NSA plays to edges of the letter of the law and disregards the spirit. Even its past excesses and deliberate misuse of its powers have failed to keep it down for long. At worst, it's back to its 2008 form, dealing with the same sort of limitations FISC Judge Walton imposed on it after uncovering years of abuse. But it has more contacts to chain than it did previously, thanks to its manual search method, even with reform efforts taking away one of its hops.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: chaining. phone numbers, nsa, selectors, surveillance

14 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Ninja (profile), 3 Jul 2014 @ 3:13am

https://en.wikipedia.org/wiki/Six_degrees_of_separation

If they use a few more hops everybody will be connected to Al Qaeda. It's easy to form links only looking at connections and manufacture possible plots. Stasi used to be pro at it.
[ link to this | view in chronology ]
Anonymous Coward, 3 Jul 2014 @ 3:44am

I wonder how the world is going to look back on this era in 20 or so years.
[ link to this | view in chronology ]
- That Anonymous Coward (profile), 3 Jul 2014 @ 4:38am
  
  Re:
  Nothing happened 20 years ago.
  We have always been at war with HobbyLobMart.
  [ link to this | view in chronology ]
- Coyne Tibbets (profile), 3 Jul 2014 @ 7:42am
  
  Re:
  As the last time of great freedom from surveillance and government control. The good old days before every baby born was required to have a imbedded brain chip implant complete with built in intent interpreter and pain-enforced retraining.
  [ link to this | view in chronology ]
David, 3 Jul 2014 @ 5:26am

Do you want the terrorists to win?
The only way to prevent another 9/11 is to stop deserving it. The main thing distinguishing the NSA and its ilk from "real" terrorists is that the former cost the American taxpayers a lot more money and lives and constitute a much larger danger to American values and liberties.
[ link to this | view in chronology ]
Whatever (profile), 3 Jul 2014 @ 5:41am

Reasonable?
It seems pretty reasonable to check the people that a target contacts to see if they are being used as a relay or a go between. Checking who they are calling or receiving calls from seems like actually pretty good work. It seems that it would also make it a lot easier to understand the potential value of one contact point compared to another.
[ link to this | view in chronology ]
- Ninja (profile), 3 Jul 2014 @ 6:15am
  
  Re: Reasonable?
  If such surveillance is targeted and has proper warrants then you might have a point. Might. A friend of mine was friends with a drug dealer and they used to talk very often before he got arrested. Simply examining her calls with him would be far enough to determine if there are any further implications. If this primary investigation showed she was involved then a warrant to tap her phone too would be very easy to obtain since there would be evidence that she is involved. Due process. You don't seem to like it but that's how it's supposed to happen. Law enforcement does not have the right to go wiretapping anyone and everyone, just specific targets and there are plenty of historic reasons why warrants should be needed for every hop.
  [ link to this | view in chronology ]
  - Whatever (profile), 3 Jul 2014 @ 7:02am
    
    Re: Re: Reasonable?
    The thing is that they are not tapping her phone - they are collecting metadata on her calls to look to see if she is also perhaps calling Columbia. If they are targetting the drug deal, they would certainly be smart to check to see if some of the people he is contacting are perhaps handling business for him.
    
    I know most people here don't enjoy the concept, but in the real world this looks like an excellent way to make it harder for criminals to operate, and also to spot potential connections that might not otherwise be evident.
    
    there are plenty of historic reasons why warrants should be needed for every hop.
    
    Not quite as clear, and to be fair, the numbers would get out of hand very rapidly. He calls or is called by 10 people, and they each call 10 people... now you need 100 warrants, each one a page or more long, with justifications, time in front of a judge... You need to hire more agents just to fill out forms. You also know that if there is an original warrant for the first guy, then the rest of the warrants would pretty much be a given - just buried under a sea of needed paperwork that might make agents consider not using the information.
    
    I think it's much better that a warrant is requested if the meta data (numbers called) suggest something that may be relevant to the case. It would have to be tied to an original warranted case, but it seems like a good way to get the job done and not overburden the courts with endless warrant requests.
    [ link to this | view in chronology ]
    - Anonymous Anonymous Coward, 3 Jul 2014 @ 8:12am
      
      Re: Re: Re: Reasonable?
      With a warrant it is sometimes just a fishing expedition. Without a warrant, it is only a fishing expedition. The purpose of a warrant is to articulate a reason. Without a reason they are trolling for mud, to use on you if necessary (or maybe even enjoyable).
      [ link to this | view in chronology ]
    - Ninja (profile), 3 Jul 2014 @ 11:47am
      
      Re: Re: Re: Reasonable?
      First of all, metadata alone is enough to fuck you good. Do you trust 100% every single person you call? That pizza store that serves as a disguise for a meth lab that you order their delicious pizza every friday?
      
      Second, perhaps is not probable cause unless there is proof she's talking with him about drug dealing itself. I'm calling my relatives in Iran. Since it's Iran perhaps I'm a terrorist so my calls should be tapped. Got my point?
      
      I know most people here don't enjoy the concept, but in the real world this looks like an excellent way to make it harder for criminals to operate, and also to spot potential connections that might not otherwise be evident.
      
      There's no evidence that all the collection has helped in any significant way. But there is PLENTY historical examples of how such power can and will be abused. Your totalitarianism is oozing.
      
      Not quite as clear, and to be fair, the numbers would get out of hand very rapidly. He calls or is called by 10 people, and they each call 10 people... now you need 100 warrants, each one a page or more long, with justifications, time in front of a judge...
      
      So? That's due process. He calls 10 people, 2 of them discuss drugs with him. Get a warrant to check those other 2 and start a proper investigation on them as well. If needed repeat. Properly justified a warrant can be delivered in less than 30 minutes or even less. If the agents don't like to follow the rules then just replace them. That's how it should be, that's how the Constitution works. The constitution itself makes the distinction on people or persons as a mean to encompass all people, not only American citizens in some of the Amendments.
      
      I think it's much better that a warrant is requested if the meta data (numbers called) suggest something that may be relevant to the case.
      
      No, it is not. Metadata alone does not show anything. If the actual content suggests a second person is involved then you go through the judiciary and get the pertinent warrants. As I noted it is neither hard nor it takes a long time as you seem to believe.
      
      It would have to be tied to an original warranted case, but it seems like a good way to get the job done and not overburden the courts with endless warrant requests.
      
      One of the attributions for the courts is upholding Constitutional protections. Granting warrants when it seems fit falls squarely within their attribution.
      
      Caution, your totalitarianism is gushing out like crazy. You are a despicable person.
      [ link to this | view in chronology ]
  - Anonymous Anonymous Coward, 3 Jul 2014 @ 8:18am
    
    Re: Re: Reasonable?
    This is the NSA, whom have no law enforcement mandate and have no intention of building cases to take before any judge.
    
    While I agree the 'searching' must be targeted, applying normal judicial standards might be inappropriate.
    
    Maybe we need new names for 'targets' and 'warrants' to make things clear for them, along with non ambiguous definitions. Of course, they will just redefine those new terms anyway.
    [ link to this | view in chronology ]
    - Anonymous, 3 Jul 2014 @ 9:28am
      
      Re: Re: Re: Reasonable?
      If they have "no intention of building cases to take before any judge", then perhaps they should stop giving their data away to other agencies like the FBI and DEA who do have that intention, thus bastardizing the notion of due process.
      
      My guess is that's not even the worst the data is used for currently. Democrat representative Maxine Waters said shortly after Obama's re-election that: "Obama is building a database like the world has never seen with everything on everyone", and the context was that this data was going to be used to win elections in perpetuity.
      [ link to this | view in chronology ]
      - Anonymous Anonymous Coward, 3 Jul 2014 @ 12:37pm
        
        Re: Re: Re: Re: Reasonable?
        This is where the FBI and DEA get into the fiction of parallel construction, with instructions to local law enforcement and prosecutors to lie by omission. If the defense gets a sniff of surveillance, the case is in trouble because of this. Or at least it should be.
        [ link to this | view in chronology ]
AnonymouseCoward, 3 Jul 2014 @ 10:52am

"manual analyst.sh" --deep-dive --query --selector tel:313-555-1212
[ link to this | view in chronology ]