September 30, 2013

from TechDirt Website




Soon after the very earliest reporting on Ed Snowden's leaked documents about PRISM, the folks from Datacoup put together the very amusing GETPRSM website, which looks very much like the announcement of a new social network, but (the joke is) it's really the NSA scooping up all our data and making the connections. It's pretty funny.


Except, of course, when you find out that it's real. And, yes, that seems to be the latest revelation out of Ed Snowden's leaks.


The NY Times has an article by James Risen and Laura Poitras (what a combo reporting team there!) detailing how the NSA has basically built its own "shadow" social network in which it tries to create a "social graph" of pretty much everyone that everyone knows, foreign or American, and it all happens (of course) without a warrant.


And, note, this is relatively new:

The agency was authorized to conduct "large-scale graph analysis on very large sets of communications metadata without having to check foreignness" of every e-mail address, phone number or other identifier, the document said.


Because of concerns about infringing on the privacy of American citizens, the computer analysis of such data had previously been permitted only for foreigners.

The agency can augment the communications data with material from public, commercial and other sources, including bank codes, insurance information, Facebook profiles, passenger manifests, voter registration rolls and GPS location information, as well as property records and unspecified tax data, according to the documents.


They do not indicate any restrictions on the use of such "enrichment" data, and several former senior Obama administration officials said the agency drew on it for both Americans and foreigners.

There were apparently two policy changes that allowed this to happen, and both occurred in the past three years.


First, in November of 2010, the NSA was allowed to start looking at phone call and email logs of Americans to try to help figure out associations for "foreign intelligence purposes."


Note that phrase. We'll come back to it.


For years, the NSA had been barred from viewing any content on US persons, and the NSA, President Obama and others have continued to insist to this day that there are minimization procedures that prevent spying on Americans. Except, this latest revelation shows that, yet again, this isn't actually true.

The second policy change came in January of 2011, when the NSA was told it could start creating this massive "social graph" on Americans without having to make sure they weren't Americans any more, as indicated above.

Somewhat amazingly, the new report notes that in 2006, the NSA asked the Justice Department for permission to do exactly this sort of thing, and was rejected, saying that a "misuse" of that kind of data "could raise serious concerns."


Indeed, it could, and does raise serious concerns, but apparently the current administration just doesn't give a crap.





If all of this sounds familiar, it's almost exactly what the feds tried to setup in 2002 with the Orwellian name Total Information Awareness.


Except that time (right after 9/11, when you'd think the public would be at its most receptive to such programs), as word got out about the program, the public rightly flipped out, and we were told the program was shuttered.


Except, as some have been arguing for years, it was never shuttered, it was just rebuilt in secret.

And, of course, the NSA is still willing to defend this massive breach on Americans' privacy:

An agency spokeswoman, asked about the analyses of Americans’ data, said,

"All data queries must include a foreign intelligence justification, period."

"All of NSA’s work has a foreign intelligence purpose," the spokeswoman added. "Our activities are centered on counterterrorism, counter-proliferation and cyber-security."

Note the continued shift in language.


For a while, they kept saying that the NSA does no surveillance on Americans at all. At all!  They insisted that would be illegal.


Then, later, people started to note that they would use the phrase "targeting foreign intelligence" which had just enough (barely) wiggle room to get people to think that they were only looking at non-US person data and content, but really meant as long as the overall investigation "targeted" foreign intelligence, it was fine.


Now they're even walking back from that, and saying that apparently it's fine to spy on Americans without a warrant so long as there's "a foreign intelligence justification."


In short: if you can come up with some excuse for how it might impact something foreign, the NSA can spy on Americans without a warrant.

That's no limitation at all. In fact, such a rule is meaningless. We already know that the NSA gets every telephone record handed over because they claim it's "necessary" to "connect the dots" on foreign terror plots.


And, similarly, now they're arguing that they can look at anything else so long as they claim that there's a "foreign intelligence justification."


That means they have no limits. They just have to come up with some wacky reason to claim that so-and-so might have foreign connections that are important to know about, and voila, their life is open for the NSA to dig in, all without any oversight or a warrant.

Somewhat surprisingly, the already disclosed phone metadata dragnet is actually not used for this social network effort, but that doesn't mean the NSA is lacking in data with which to create this shadow spying social network.


It uses the NSA's taps on fiber optic networks, the ones that collect a ton of internet data, as Dianne Feinstein confirmed last week.

The NSA documents show that one of the main tools used for chaining phone numbers and e-mail addresses has the code name Mainway.


It is a repository into which vast amounts of data flow daily from the agency’s fiber-optic cables, corporate partners and foreign computer networks that have been hacked.

The documents show that significant amounts of information from the United States go into Mainway. An internal NSA bulletin, for example, noted that in 2011 Mainway was taking in 700 million phone records per day.


In August 2011, it began receiving an additional 1.1 billion cellphone records daily from an unnamed American service provider under Section 702 of the 2008 FISA Amendments Act, which allows for the collection of the data of Americans if at least one end of the communication is believed to be foreign.

Um... That's an awful lot of records on Americans.


And yet, we're still being told that the NSA doesn't spy on Americans? Yeah, right.

Anyway, it appears that the GETPRSM social network has been in existence for quite some time now, and don't worry if you haven't received your invite. You've already joined.