The NSA's Lockbox Has No Lock

from the like-that-won't-be-abused? dept

One of the key points that officials have been making in defense of the NSA surveillance is this idea that even if they're collecting all this data on your communications, they can't actually do anything with it, because they keep it safely locked up in a lockbox, and only check it if they have some bit of data they want to find out about later. That was the crux of the claims made by former NSA/CIA boss Michael Hayden, who seemed to think that "data mining" and "asking the database questions" were two different things. However, as William Saletan is pointing out at Slate, the lockbox is a lie. There is no lockbox. He quotes officials including NSA boss Keith Alexander and Congress's number one NSA apologist, Rep. Mike Rogers, both suggesting strongly that even if the NSA is collecting all your data, it's safe because it can't be explored without a "very specific court-ordered approval process."

Except... what they conveniently left out is that the court doesn't review any of this. It appears that it probably set some very basic rules up front when it gave the okay on collecting the data, which no one else gets to know about, and no one carefully checks up on the NSA later to see if they really follow any of those rules. What the claims most certainly do not mean is that the NSA needs to get a court order to search the database. Senator Dianne Feinstein admitted as much directly:
Q: Is a court order necessary to query the metadata database?
Feinstein: Is a court order necessary to query—
Q: The metadata database under 215. An individual court order for each query.
Feinstein: A court order—well, I don't know what you mean by a query. A court order—
Q: To search the database.
Feinstein: To search the database, you have to have reasonable, articulable cause—
Q: Certified by a judge?
Feinstein: —to believe that that individual is connected to a terrorist group. You cannot—
Q: But does that have to be determined by a judge?
Feinstein: Could I answer? You may not like it, but I'll answer. Then you can query the numbers. The only numbers you have—there's no content. You have the name and the number called, whether it's one number or two numbers. That's all you have. Then you can get the numbers. If you want to collect content, then you get a court order.
Q: So you don't need a court order for the query itself.
Feinstein: That's my understanding.
And yet, as the article notes, most of the defenders of the program strongly imply otherwise, highlighting the "court-approved" process that people need to go through to query the database. But if there's no real oversight, and no court reviewing each query, then, as Saletan points out, there is no lockbox.
There's no lock on the lockbox.

That hasn't stopped current and former government officials from repeating the lockbox line. Yesterday Rogers used it again on Face the Nation. Dick Cheney, appearing on Fox News Sunday, backed him up. On Meet the Press, Michael Hayden, the guy who ran the NSA when it began collecting phone records, assured Rep. Bobby Scott, (D-Va.,) "The only way you can access the metadata is through a terrorist predicate." When Scott asked, "Where is that written?" Hayden replied: "It's in the court order." Really? Where's the court order? When is it applied, and how?

If the court isn't screening data requests, that leaves two possibilities. One is that nobody's screening them. The other is that some other, unknown entity is doing it in a way that nobody has explained. Either way, the answers we're getting are unacceptable. They betray privacy, public trust, and national security.
If there's no public standard, and no official oversight or review process, then the probability that the database is being abused approaches one very, very quickly.


Reader Comments

  1.  
    Anonymous Coward, Jun 18th, 2013 @ 10:43am

    No locks eh?

    I'll bet it's not even encrypted, probably an ordinary MySQL (or probably MSSQL) database on a server somewhere.

     

  2.
    Uriel-238, Jun 18th, 2013 @ 10:43am

    Mike when you said There's no Lock on the lockbox, my first thought is that this information lies unencrypted in an easily searchable system hooked up to the internet with, probably, a modest firewall at best.

    Which means any hacker worth his salt will be able to ALSO use the massive NSA database for their own ends.

    I'd like some reassurance of how few (or rather, how many) people actually have access to this supertrove of data.

    What would it take to force the NSA to purge the thing and stop?

     

  3.
    Anonymous Coward, Jun 18th, 2013 @ 10:45am

    "The NSA's Lockbox Has No Lock"

    Holy pfargtle. How do they put stuff into it?

     

  4.
    Anonymous Coward, Jun 18th, 2013 @ 10:45am

    "I don't know what you mean by a query."

    This is what happens when you have someone incapable of understanding basic terminology behind the technology they're using.

     

  5.
    Anonymous Coward, Jun 18th, 2013 @ 10:49am

    Re:

    "What would it take to force the NSA to purge the thing and stop?"

    Log in to the NSA database (I'll bet the password is 12345), then type:

    DROP `DATABASE`

    Done!

     

  6.
    Anonymous Coward, Jun 18th, 2013 @ 10:51am

    Re:

    The database is probably NOT on the Internet, NSA have their own network for obvious reasons, they are paranoid about anyone else getting their data. They pass carefully written reports to the government, with most sources and names removed. These are probably still on paper so that they can be locked in a safe.

     

  7.
    Anonymous Coward, Jun 18th, 2013 @ 10:51am

    Re: No locks eh?

    most likely MSSQL, the government doesn't like open source projects since you don't "own" it and it's more "secure".

     

  8.
    RyanNerd, Jun 18th, 2013 @ 10:54am

    Re: No locks eh?

     

  9.
    Anonymous Coward, Jun 18th, 2013 @ 10:57am

    Re: No locks eh?

    Let's check the LinkedIn profile of the NSA employees responsible for building the database.

     

  10.
    Anonymous Coward, Jun 18th, 2013 @ 10:58am

    Re: Re:

    Yeah, so paranoid about people getting their data that they'll go to great lengths to set up the most secure and advanced digital lockbox in the world.

    Oh, wait.

     

  11.
    Anonymous Coward, Jun 18th, 2013 @ 10:58am

    Government officials are tech illiterate, the tech people know they are lying and they know why what they are saying is a lie.

    If you can query a database, the only thing stopping you from making other queries is you not a judge and if there is nobody looking there is no lock, is the judge the one that gives some sort of digital key to open the query station for them?
    I doubt it is done that way.

    The analogue version of this would be locking someone in a warehouse full of documents collected from everywhere and leaving the guy in there only to come out and ask the judge to authorize his use of some piece of paper he found in there.

    The government is not naive, they know not to allow access to sensitive information to anybody, they put several layers of protection and when you need something you need to go ask authorization to someone to unlock so there is a paper trail, but somehow they devised a scheme where there are apparently zero real safeguards in place and are telling people that it works the way they say because they say so.

    Right.

     

  12.
    Anonymous Coward, Jun 18th, 2013 @ 10:59am

    Re: Re: No locks eh?

    Figures...

     

  13. This comment has been flagged by the community.
    out_of_the_blue, Jun 18th, 2013 @ 11:00am

    So why should you think Google is any better?

    Mike is only "against" the visibly gov't part of the surveillance grid. He not only doesn't worry about Google, which is a major source of NSA data in the first place, he promotes it.

    http://gawker.com/5491756/six-delusions-of-googles-arrogant-leaders

    Schmidt also said Google has been known to curb its own creepy impulses:

    "There are many, many things that Google could do, that we chose not to do... One day we had a conversation where we figured we could just try to predict the stock market. And then we decided it was illegal. So we stopped doing that."

    http://www.theregister.co.uk/2010/09/23/schmidt_on_colbert/

    Schmidt: 'Google doesn't do data mining'

    That last is EXACTLY what the NSA is saying here.

     

  14.
    Michael, Jun 18th, 2013 @ 11:00am

    1) a 4 year old
    2) a full candy jar
    3) an easily opened lid
    4) parents are out of the room

    Yeah, that plan is flawless.

     

  15. This comment has been flagged by the community.
    Anonymous Coward, Jun 18th, 2013 @ 11:02am

    You know I'm going to post it, Mikey. Whac-A-Mole is a losing game, and you know it. And you know I'll post so many more just like it. It's funny watching you try and stop me.

     

  16.
    Anonymous Coward, Jun 18th, 2013 @ 11:02am

    Re: So why should you think Google is any better?

    Where in this article did Mike say anything about Google?

    Go back to 4chan you troll.

     

  17. This comment has been flagged by the community.
    Anonymous Coward, Jun 18th, 2013 @ 11:06am

    Re:

    Yeah, he's trying to block me too! We're in this together man, we can do it, we can defeat this oppression! Who else is with us? You shall know us by our call!

    BAWK! BAWK! BAWK! Let's milk this chicken dry!

     

  18.
    Anonymous Coward, Jun 18th, 2013 @ 11:06am

    Re:

    You've gone completely off the deep end.

     

  19.
    gnudist, Jun 18th, 2013 @ 11:07am

    Re: So why should you think Google is any better?

    Utterly irrelevant as always blue


    You might as well have just asked for Obama's long form birth certificate

     

  20.
    John Doe, Jun 18th, 2013 @ 11:07am

    Just wait 5 or 10 years when people run for office

    The fun will really start in 5 to 10 more years when someone decides to run for office and they are not part of the party in charge. Suddenly they will get visits from unsavory people suggesting they not run for office or their internet search history, phone history and email records will come to light. Maybe those records show the person was into weird stuff. Stuff he doesn't really want the public to know. This can/will become a tool for the party in charge to stay in charge for a long, long time.

     

  21.
    Anonymous Coward, Jun 18th, 2013 @ 11:09am

    Re: Re:

    Milk the chicken?

    Sounds sexy.

     

  22.
    Anonymous Coward, Jun 18th, 2013 @ 11:11am

    Re: Just wait 5 or 10 years when people run for office

    And now you know why Congress doesn't want to do anything.

     

  23. This comment has been flagged by the community.
    Anonymous Coward, Jun 18th, 2013 @ 11:13am

    Re: Re: Re:

    Why did the chicken milk the road? To get to the udder side.

    BAWK! BAWK! BAWK!

     

  24.
    Anonymous Coward, Jun 18th, 2013 @ 11:14am

    Re: Re: Re:

    Why do they even bother with the euphemisms?

    We all know what they're thinking about...

     

  25.
    Anonymous Coward, Jun 18th, 2013 @ 11:17am

    Re: Re: Re: Re:

    I get the feeling the reference to "milking" is a Freudian slip on Joe's part. He loves the BDSM lifestyle.

     

  26.
    RyanNerd, Jun 18th, 2013 @ 11:19am

    Damn Bureaucrats

    But sometimes if you look at what they say as a kind of dance. From the perspective that what they say as an art form it does take the stench out of the BS just a little. It can actually be an astonishingly amazing tap dance routine to witness:

    Q: But does that have to be determined by a judge?
    Feinstein: Could I answer? We see here a classic flaps step.
    You may not like it, but I'll answer. This is another classic step called digs.
    Then you can query the numbers. The only numbers you have—there's no content. This move is called the riff.
    You have the name and the number called, whether it's one number or two numbers. That's all you have. Then you can get the numbers. This is a complicated step called the Shuffle buffalo.
    If you want to collect content, then you get a court order.
    Finally we end with yet another very complicated step called the pull backs single to double.

     

  27.
    That One Guy, Jun 18th, 2013 @ 11:21am

    Re: Just wait 5 or 10 years when people run for office

    Oh it gets better, as they have no real oversight, there's nothing at all stopping them from creating any 'records' to use in that manner, because who exactly is going to be willing and able to call them out on it?

     

  28.
    Anonymous Coward, Jun 18th, 2013 @ 11:21am

    Re: Re: Re: Re:

    What are you, like five years old?

     

  29. This comment has been flagged by the community.
    Anonymous Coward, Jun 18th, 2013 @ 11:21am

    Re: Re: Re: Re: Re:

    The only BSDM lifestyle here is the chains of oppression that Pirate Mike the Chicken Milker and his kind wrap around our proxies, us the dissenters, us the master debaters!

    Let our people go!

     

  30.
    Anonymous Coward, Jun 18th, 2013 @ 11:24am

    Re: Re: Re: Re: Re: Re:

    "...the master debaters!"

    You sir, made me giggle so hard I peed a little.

    PS - Just noting that cuz Joe likes watersports.

     

  31.
    Anonymous Coward, Jun 18th, 2013 @ 11:27am

    Re: Re: Re: Re: Re: Re:

    "Pirate Mike the Chicken Milker"

    I just about died when I read that... I can't stop laughing...

     

  32.
    Rapnel, Jun 18th, 2013 @ 11:36am

    Re:

    He may have confused that fact that the system queries the operator when things need another look which may or may not lead to a request for immediate attention or a request to the secret court in order to bust out the man power.

    That and browsing the data feeds, gosh, in pretty much real real-time, is not exactly a well formed query. I can see how some clarification on the usage of "query" may have been necessary.

     

  33.
    Josh in CharlotteNC, Jun 18th, 2013 @ 11:39am

    Re: Re: No locks eh?

    Err, no, not exactly.

    SELinux was developed by the NSA.

    Of course, they don't seem to be taking advantage of the features they designed, namely the strong access control features.

     

  34. This comment has been flagged by the community.
    Anonymous Coward, Jun 18th, 2013 @ 11:42am

    See the post that You Know Who doesn’t want you to see: http://bit.ly/14gT9mc

    Why's he so desperate to censor this?

     

  35.
    Josh in CharlotteNC, Jun 18th, 2013 @ 11:43am

    Re: Re: Re: Re: Re:

    And yet that's still 3 years older than the person who started this thread.

     

  36. This comment has been flagged by the community.
    Anonymous Coward, Jun 18th, 2013 @ 12:01pm

    Why is Mike so scared of this post? Why must he censor it?

    http://bit.ly/14gT9mc

     

  37.
    Anonymous Coward, Jun 18th, 2013 @ 12:02pm

    We already know that the FBI abuses NSLs constantly and yearly reports show it continues.

    Here you have no oversight, no public visibility for verifying the process, and the court supposedly responsible for oversight doesn't.

    This sounds like a whole bunch of politicians who are in on it not wanting to be exposed and nearly everything you are hearing are lies.

    Only the light of public scrutiny will now clear up this stain.

     

  38.
    wijnands, Jun 18th, 2013 @ 12:44pm

    it's the police state you guys wanted

    Let's face it, it's the police state you guys brought onto yourselves. The only problem with it is that you force it upon the rest of the world.

     

  39.
    AC Unknown, Jun 18th, 2013 @ 12:54pm

    Re: Re: Re: Re: Re: Re:

    Shut up, troll.

     

  40.
    Anonymous Coward, Jun 18th, 2013 @ 1:00pm

    Re:

    They use quantum Mi-Go workers.

     

  41.
    Anonymous?, Jun 18th, 2013 @ 1:21pm

    to NSA: "terror, covert, afganistan, pakistan, chechnya"
    And now that you are paying attention;
    ' -- select concat('drop table if exists ', table_name, ' cascade;') from information_schema.tables; --

     

  42.
    Anonymous Coward, Jun 18th, 2013 @ 2:28pm

    Re:

    So, you think you should be allowed to know exactly what the NSA and/or the FBI is doing. And you should be allowed to scrutinize it. At the end of the Yellowbrick road you will find your fantasy land.

     

  43.
    John Fenderson, Jun 18th, 2013 @ 3:14pm

    Re: Re:

    I think that the activities of the NSA, CIA, or any other TLA should be public as far as possible. There are some circumstances where this isn't realistic. In those circumstances, though, there needs to be real, actual, authoritative, effective oversight by people who represent the US citizenry.

    Right now, there isn't. That's an even bigger problem than any individual program, as the lack of oversight is what allows these egregious individual programs to persist.

     

  44. This comment has been flagged by the community.
    Anonymous Coward, Jun 18th, 2013 @ 3:38pm

    See the link that Mike is desperate to censor: http://rdd.me/e9cd9hqe

    Mr. Freedom hates that his constituents even know this link exists.

    More to come!

     

  45. This comment has been flagged by the community.
    Anonymous Coward, Jun 18th, 2013 @ 7:34pm

    See the post that over 200 people on TD have seen. See the post that mike desperately doesn't want anyone to see. He's so desperate to hide this that he's blocking IPs, keywords, titles, and links.

    Mike hates this post so much that he's going out of his way to censor it: http://tr.im/44w44

    the next edition will be out very soon.

    How hard will he work to hide that from you too?

     

  46.
    Anonymous Coward, Jun 19th, 2013 @ 2:02am

    actually, it IS possible to explain it. In simple English:
    no warrant: who you call
    warrant: what you said

     

  47.
    Ninja, Jun 19th, 2013 @ 4:04am

    So you are telling me that they'll behave and never look at data without a warrant despite it being readily available. Right.

    Then they say 9/11 could have been avoided if they had all that data. How do both statements fit together? The only possible way they could look at the data if available would be to have a court warrant which means they'd need to argue that there's a probable cause and this could only be done by normal police work which would have raised some data first.

    Providing a warrant is given, the telcos store metadata as what was collected for a good while thus making such preemptive surveillance completely unnecessary. Their own arguments kill each other.

    No really, just a peek.

     

  48.
    Lurker Keith, Jul 10th, 2013 @ 9:14pm

    Re:

    I don't know if this has anything to do w/ these Trolls claiming to be blocked by some automated process, but I have noticed Techdirt behaving strangely of late.

    The last few days (could be over a week or more; I've not been paying sufficient attention to when it started), Techdirt has been lagging, & I've been getting "Techdirt is not responding due to a long script running" errors.

    Today, I'm getting those script errors, & additional lagging, trying to uncollapse the Hidden posts (if I'm going to read the comments below them, I'd prefer to know what they're replying to... I do sometimes regret trying to read the IQ reducing stupid).

    I've been considering reporting these lags, & so now I have.

    I also will point out that I sometimes have to use IE10's Compatibility Mode a lot to get the Funny/ Insightful/ Report buttons to display (it's inconsistent, & sometimes even that doesn't work & an additional refresh is required).

    I have noticed that the pop-up whatever those are lag again, as well. & one has to keep being closed every refresh/ with each new page opened.

    Hopefully, this report is helpful enough to find out what the problems are.

     
