NSA Makes Metadata (Including Info On Americans) Available To Domestic Law Enforcement Via 'Google-Like' Search

from the easy-peasy dept

Mon, Aug 25th 2014 1:36pm — Mike Masnick

The latest report from The Intercept on documents obtained from Ed Snowden (and, yes, they make it clear that these are from Snowden, rather than the purported "second leaker") is about a "Google-like" search engine that the NSA built, called ICREACH, which lets the NSA share a massive trove (at least 850 billion) of "metadata" records not just with others in the NSA or CIA, but with domestic law enforcement and other government agencies including the FBI and the DEA. The database includes records collected via Executive Order 12333, which we recently noted a State Department official revealed as the main program via which the NSA collects its data (and which is not subject to oversight by Congress).

While data collected under 12333 is supposed to be "minimized" to ditch information on "US Persons" we've already noted how backdoor searches get around that. Further, as this report reminds everyone, while "minimized" the NSA still keeps the data, and if someone (say, the DEA or FBI) wants to dig deeper, they can "un-minimize" the data.

However, the documents make clear that it is not only data about foreigners’ communications that are available on the system. Alexander’s memo states that “many millions of…minimized communications metadata records” would be available through ICREACH, a reference to the process of “minimization,” whereby identifying information—such as part of a phone number or email address—is removed so it is not visible to the analyst. NSA documents define minimization as “specific procedures to minimize the acquisition and retention [of] information concerning unconsenting U.S. persons”—making it a near certainty that ICREACH gives analysts access to millions of records about Americans. The “minimized” information can still be retained under NSA rules for up to five years and “unmasked” at any point during that period if it is ever deemed necessary for an investigation.

In other words, there's a decent chance that the FBI and DEA can easily surf through these hundreds of billions of records, and "unmask" people if need be, and then make use of the infamous parallel construction to hide how they first decided to focus on a particular individual or group.

In practice, this could mean that a DEA agent identifies an individual he believes is involved in drug trafficking in the United States on the basis of information stored on ICREACH. The agent begins an investigation but pretends, in his records of the investigation, that the original tip did not come from the secret trove. Last year, Reuters first reported details of parallel construction based on NSA data, linking the practice to a unit known as the Special Operations Division, which Reuters said distributes tips from NSA intercepts and a DEA database known as DICE.

Tampa attorney James Felman, chair of the American Bar Association’s criminal justice section, told The Intercept that parallel construction is a “tremendously problematic” tactic because law enforcement agencies “must be honest with courts about where they are getting their information.” The ICREACH revelations, he said, “raise the question of whether parallel construction is present in more cases than we had thought. And if that’s true, it is deeply disturbing and disappointing.”

And yes, this is "just metadata" but as the Intercept report notes, the NSA's own notes relating to this project reveal just how valuable metadata can be, including noting that it "has been a contribution to virtually every successful rendition of suspects and often, the deciding factor."

An NSA memo noted that PROTON could identify people based on whether they behaved in a “similar manner to a specific target.” The memo also said the system “identifies correspondents in common with two or more targets, identifies potential new phone numbers when a target switches phones, and identifies networks of organizations based on communications within the group.” In July 2006, the NSA estimated that it was storing 149 billion phone records on PROTON.
According to the NSA documents, PROTON was used to track down “High Value Individuals” in the United States and Iraq, investigate front companies, and discover information about foreign government operatives. CRISSCROSS enabled major narcotics arrests and was integral to the CIA’s rendition program during the Bush Administration, which involved abducting terror suspects and flying them to secret “black site” prisons where they were brutally interrogated and sometimes tortured. One NSA document on the system, dated from July 2005, noted that the use of communications metadata “has been a contribution to virtually every successful rendition of suspects and often, the deciding factor.”

Remember Michael Hayden gleefully admitting that the US kills people based on metadata? Well, now it turns out that we "rendition" them on metadata as well. Oh, and contrary to earlier claims about how just a few NSA analysts could examine the metadata, it now looks like tons of other government agencies, including the FBI and DEA have pretty free license to scour the data as well.

Decision Memorandum for Dni on Icreach (PDF)Decision Memorandum for Dni on Icreach (Text)

Sharing Communications Metadata Across the U S (PDF)Sharing Communications Metadata Across the U S (Text)

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: dea, fbi, icreach, metadata, nsa, parallel construction, search engine

29 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Uriel-238 (profile), 25 Aug 2014 @ 1:44pm

So this is a total outrage right?
Someone -- the president, congress, the courts, people with torches -- are going to shut this the fuck down as it should have been ages ago. Yes?

Anyone?

Am I all alone here?
[ link to this | view in chronology ]
- rapnel, 25 Aug 2014 @ 2:17pm
  
  Re: So this is a total outrage right?
  No, not alone.
  
  This train is off the rails.
  
  If that wasn't official before then it's pretty fucking official now.
  
  The law of the land is broke too, officially.
  
  Fuck it. I'm going speeding.
  [ link to this | view in chronology ]
- Anonymous Coward, 25 Aug 2014 @ 5:51pm
  
  Re: So this is a total outrage right?
  The judicial has no teeth to do anything.
  The legislative branch enjoys their power too much to do anything.
  The executive loves it too much to do anything about it.
  
  That leaves the 2nd amendment but that too is useless.
  With such pervasive surveillance anyone planning a revolution will be labeled a domestic terrorist and taken out before they can rally the troops.
  
  There are too many people content with what the system provides, as long as they have a roof, food, and Facebook they are happy. As long as 'the man' can appease the majority there will never be enough collective will to fix these issues through voting or revolution.
  
  Those with the gold make the rules....
  [ link to this | view in chronology ]
Anonymous Coward, 25 Aug 2014 @ 1:47pm

So that is why they hacked google. Great artists steal.
[ link to this | view in chronology ]
limbodog (profile), 25 Aug 2014 @ 1:50pm

another revelation
I'm well past being shocked. I'm too tired to be outraged. I'm just depressed. I want the people who set this up thrown in jail. They knew it was illegal when they set it up. The people using it downstream knew it was illegal. They just know how impotent the American public has become in regards to government abuses. Honestly, I don't think Snowden, for all he has done for us, will improve things. I think he's just going to make the abusers come out into the open and continue to break the law openly, knowing that there is nobody left to stop them.
[ link to this | view in chronology ]
- rapnel, 25 Aug 2014 @ 2:22pm
  
  Re: another revelation
  Congrats for succumbing. That was the plan all along.
  [ link to this | view in chronology ]
AricTheRed (profile), 25 Aug 2014 @ 1:53pm

INCONCEIVABLE! Like that scene in The Princes Bride
minimized...

I dont think that word, minimized, means what you think.
[ link to this | view in chronology ]
Anonymous Coward, 25 Aug 2014 @ 1:58pm

The Most Transparent Administration Ever
Apparently they weren't making things up. We just automatically assumed the transparency would be to our benefit based on context. Turns out it the stated goal meant they wanted to have all of our information collected, indexed and ready to give them any justification they want when they go on fishing expeditions.

When it comes time to provide information to us via FOIA requests, lawsuits or just plain asking for it, they hide behind layers of red tape, contradictory reasons for not having the required data storage and backups that they have huge budgets set aside for, and purposefully avoiding accountability by using false account names and non secure government email for official business.
[ link to this | view in chronology ]
- Anonymous Coward, 25 Aug 2014 @ 3:09pm
  
  Re: The Most Transparent Administration Ever
  The only transparency our future holds is the installation of glass foreheads so they can see our thoughts.
  [ link to this | view in chronology ]
Anonymous Coward, 25 Aug 2014 @ 2:08pm

I'm getting tired of hearing "deeply disturbing and saddening" it's time to replace that phrase with "Criminal" and "treasonous"
[ link to this | view in chronology ]
BentFranklin (profile), 25 Aug 2014 @ 2:10pm

Download here:

Decision Memorandum for DNI on ICREACH (PDF)

Sharing Communications Metadata Across the US (PDF)
[ link to this | view in chronology ]
- Gwiz (profile), 25 Aug 2014 @ 2:16pm
  
  Re:
  Those are the same links that appear at the end of the article. Any reason for re-posting them?
  [ link to this | view in chronology ]
  - BentFranklin (profile), 27 Aug 2014 @ 6:20pm
    
    Re: Re:
    My browser shows the Amazon cloud document readers, which use javascript. But you can't download the source pdf's from the readers because Amazon is Amazon. I have to go into the page source to find the links because they're inside /noscript tags, which aren't rendered if your browser execs javascript. It's a fallback, kind of like an image alt tag. Other people have the same problem, so sometimes I post them in comments.
    [ link to this | view in chronology ]
Anonymous Coward, 25 Aug 2014 @ 2:11pm

So first off this shouldn't exist since the FBI is the only agency expressly allowed to collect information on US Citizens, then it's shared between the CIA / NSA and FBI....and how many times was this abused like the drivers license databases to look up people outside of an expressed order to do so?
[ link to this | view in chronology ]
Anonymous Coward, 25 Aug 2014 @ 2:24pm

So now they are giving them military grade surveillance data too?
[ link to this | view in chronology ]
Coyne Tibbets (profile), 25 Aug 2014 @ 2:26pm

Super advanced security, no doubt
(With apologies to XKCD 149.)

Agent: Find "Citizen Joe".
Computer: No matching records found for U.S. citizen.
Agent: Sudo find "Citizen Joe".
Computer: Found 13,914 records...
[ link to this | view in chronology ]
Roger Strong (profile), 25 Aug 2014 @ 3:17pm

No "training and guidance" needed!
...the use of communications metadata “has been a contribution to virtually every successful rendition of suspects and often, the deciding factor.”

That would make metadata a contributing factor in more than 100 CIA kidnappings from EU countries before that date, plus Canadians and others from other Western countries. A contribution or deciding factor in a growing number of cases where the victims were shipped to other countries to be tortured for months or years - before being released with an "er, never mind."

Congratulations, America! Now you get to play at home. I'm sure that police forces will be as professional and responsible using this metadata as they have been with their fancy new military equipment.
[ link to this | view in chronology ]
Anonymous Coward, 25 Aug 2014 @ 3:39pm

Oh Well
“raise the question of whether parallel construction is present in more cases than we had thought. And if that’s true, it is deeply disturbing and disappointing.”

In other words, "Too bad. Carry on."
[ link to this | view in chronology ]
That Anonymous Coward (profile), 25 Aug 2014 @ 3:55pm

if those charged with upholding the law are shitting on it, is it still a law?
[ link to this | view in chronology ]
This comment has been flagged by the community. Click here to show it

Gurtaj, 25 Aug 2014 @ 4:40pm

@ICreach but it cant reach @stitme
Boolean Tech built the StitMe platform around the core fundamental principle of privacy. This right is not only for those who can afford and understand technology, but for everyone and it must be FREE.

StitMe offers unlimited connections and unlimited calling time at no charge. Further, the app provides users with a timer-based Auto Kill switch to kill chats from both ends. StitMe is the only app providing a comprehensive and complete tool to protect all communication with contacts (Talk and Text). Once the app is loaded it automatically assigns privacy protected one-on-one connections to each of the contacts, thus securing the entire address book with no loose ends. The Chat uses 512Bit AES Encryption (public and private key).

StitMe, a next generation mobile privacy platform, allows people to connect and speak via mobile telephone, all without revealing their actual telephone numbers to each other. With StitMe “Your Name is Your Mobile Number. How Awesome Is that!!” stated Gurtaj S. Padda creator of the StitMe platform and founder and chief executive officer of Boolean Tech. This one-of-a-kind product also protects its users from third-party intrusions, allowing people to connect instantaneously while maintaining control of their privacy. Registered users determine who may call them, when they may call and can even choose to ignore callers or ensure they never call back.

"With today's digitally-connected lifestyles, where much of our life takes place via our mobile handsets or online, our every movement is monitored and personal data collected. StitMe lets you reclaim your privacy, enabling you to speak with family, friends and business contacts with unmatched personal identity protection and control," stated Gurtaj S. Padda. "Even world leaders aren't safe from prying "ears". Boolean Tech believes personal privacy is a fundamental right. We therefore created the StitMe platform from the ground up with a focus on providing individuals with the peace of mind that comes from enjoying personal communication in a reliable and private manner. stitme.com
[ link to this | view in chronology ]
Anonymous Coward, 25 Aug 2014 @ 8:35pm

Parallel Construction? / Fitted up
There's nothing stopping an intelligence agency from planting drugs then feeding the details to officers for arrest. The link back to the intelligence agency is hidden from the court, so it can never examine that path.

It's falsification of evidence, perjury, perverting the court of justice.

You suspect person X has anti-American views. That's difficult to prosecute, but hey, plant some meth in his car, arrange for one of these police 'random' stops. Hey presto, problem solved.

The officer thinks he's party to just breaking the surveillance laws, but yet he might be the fall guy for a whole false prosecution.

They also get officers to break laws for some greater good. Getting them into the routine of lying in court and in depositions.
[ link to this | view in chronology ]
- John Fenderson (profile), 26 Aug 2014 @ 8:03am
  
  Re: Parallel Construction? / Fitted up
  "You suspect person X has anti-American views. That's difficult to prosecute"
  
  One would hope, considering that having anti-American views isn't illegal.
  [ link to this | view in chronology ]
Uriel-238 (profile), 25 Aug 2014 @ 8:36pm

So I thought of a potential scenario...
This sounds like it may become commonplace:

SCENE 1: OUT ON PATROL

OFFICER SAFETY: [BLAM!-BLAM!-BLAM!-BLAM!-BLAM!] [poke-poke] [STOMP-KICK-STOMP] [BLAM!] Oh dear! I shot to death another unarmed black man trying to surrender to me! Whatever shall I do?

OFFICER HUNGRY: I dunno, man. Let's get lunch. I'm sure you'll think of something clever.

SCENE 2: BACK AT THE PRECINCT

OFFICER: [typitty-type-type-typitty-type]

NSA-DATABASE-TERMINAL: Boop-boop-baloolooloop. PING!

OFFICER: Here we go! Dead-black-guy was near reported incidents X, Y and Z and has been in frequent contact with known gang suspects A, B, and C and even orders pizzas from site J which serves all these people and locations. He's probably a thug. Retroactive justice prevails! (And saves my ass!)

OFFICER HUNGRY: Well that's fortunate. Also, chilidogs.
[ link to this | view in chronology ]
Ninja (profile), 26 Aug 2014 @ 4:08am

AHA! Google. We knew it was Google all along! /derp
[ link to this | view in chronology ]
Agonistes, 26 Aug 2014 @ 5:23am

Mike is channeling Sam Axe in this article.
[ link to this | view in chronology ]
Anonymous Coward, 26 Aug 2014 @ 10:56pm

During a declared war, the various federal law enforcement and investigation agencies always share all data accumulated, because the war Measures Act trumps all peace-time laws and regulations.

The only real question is, who exactly did the USG declare war on.
[ link to this | view in chronology ]
- Anonymous Coward, 27 Aug 2014 @ 4:13am
  
  Re:
  Are the Afghanistan and Iraq wars formally over yet?
  
  There was also that little threatened war against a British dependency back in the Cold War, although I'm not sure if it was ever formally declared because the US doesn't usually bother when "restoring democracy" (and because if they had they'd have noticed how stupid they were being and who they were about to invade).
  [ link to this | view in chronology ]
  - GEMont (profile), 7 Sep 2014 @ 5:03pm
    
    Re: Re:
    "Are the Afghanistan and Iraq wars formally over yet? "
    
    Were they actually Formally Declared Wars??
    [ link to this | view in chronology ]
Anonymous Coward, 29 Aug 2014 @ 8:57pm

USA Police State!
[ link to this | view in chronology ]