The NSA's Lockbox Has No Lock
from the like-that-won't-be-abused? dept
One of the key points that officials have been making in defense of the NSA surveillance is the idea that even if they’re collecting all this data on your communications, they can’t actually do anything with it, because they keep it safely locked up in a lockbox and only check it if they have some bit of data they want to find out about later. That was the crux of the claims made by former NSA/CIA boss Michael Hayden, who seemed to think that “data mining” and “asking the database questions” were two different things. However, as William Saletan points out at Slate, the lockbox is a lie. There is no lockbox. He quotes officials including NSA boss Keith Alexander and Congress’s number one NSA apologist, Rep. Mike Rogers, both suggesting strongly that even if the NSA is collecting all your data, it’s safe because it can’t be explored without a “very specific court-ordered approval process.”
Except… what they conveniently left out is that the court doesn’t review any of this. It appears that the court probably set some very basic rules up front when it gave the okay on collecting the data, rules which no one else gets to know about, and that no one carefully checks up on the NSA later to see if it really follows any of those rules. What the claims most certainly do not mean is that the NSA needs to get a court order to search the database. Senator Dianne Feinstein admitted as much directly:
Q: Is a court order necessary to query the metadata database?
Feinstein: Is a court order necessary to query—
Q: The metadata database under 215. An individual court order for each query.
Feinstein: A court order—well, I don’t know what you mean by a query. A court order—
Q: To search the database.
Feinstein: To search the database, you have to have reasonable, articulable cause—
Q: Certified by a judge?
Feinstein: —to believe that that individual is connected to a terrorist group. You cannot—
Q: But does that have to be determined by a judge?
Feinstein: Could I answer? You may not like it, but I’ll answer. Then you can query the numbers. The only numbers you have—there’s no content. You have the name and the number called, whether it’s one number or two numbers. That’s all you have. Then you can get the numbers. If you want to collect content, then you get a court order.
Q: So you don’t need a court order for the query itself.
Feinstein: That’s my understanding.
And yet, as the article notes, most of the defenders of the program strongly imply otherwise, highlighting the “court-approved” process that people need to go through to query the database. But if there’s no real oversight, and no court reviewing each query, then, as Saletan points out, there is no lockbox.
There’s no lock on the lockbox.
That hasn’t stopped current and former government officials from repeating the lockbox line. Yesterday Rogers used it again on Face the Nation. Dick Cheney, appearing on Fox News Sunday, backed him up. On Meet the Press, Michael Hayden, the guy who ran the NSA when it began collecting phone records, assured Rep. Bobby Scott, (D-Va.,) “The only way you can access the metadata is through a terrorist predicate.” When Scott asked, “Where is that written?” Hayden replied: “It’s in the court order.” Really? Where’s the court order? When is it applied, and how?
If the court isn’t screening data requests, that leaves two possibilities. One is that nobody’s screening them. The other is that some other, unknown entity is doing it in a way that nobody has explained. Either way, the answers we’re getting are unacceptable. They betray privacy, public trust, and national security.
If there’s no public standard, and no official oversight or review process, then the probability that the database is being abused approaches one very, very quickly.
Comments on “The NSA's Lockbox Has No Lock”
No locks eh?
I’ll bet it’s not even encrypted, probably an ordinary MySQL (or probably MSSQL) database on a server somewhere.
Re: No locks eh?
most likely MSSQL, the government doesn’t like open source projects since you don’t “own” it and it’s more “secure”.
Re: Re: No locks eh?
Err, no, not exactly.
SELinux was developed by the NSA.
Of course, they don’t seem to be taking advantage of the features they designed, namely the strong access control features.
Re: No locks eh?
Actually it is a mix of MSSQL and Oracle:
http://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/database_servers.shtml
Re: Re: No locks eh?
Figures…
Re: No locks eh?
Let’s check the Linkedin profile of the NSA employees responsible for building the database.
Mike when you said There’s no Lock on the lockbox, my first thought is that this information lies unencrypted in an easily searchable system hooked up to the internet with, probably, a modest firewall at best.
Which means any hacker worth his salt will be able to ALSO use the massive NSA database for their own ends.
I’d like some reassurance of how few (or rather, how many) people actually have access to this supertrove of data.
What would it take to force the NSA to purge the thing and stop?
Re: Re:
“What would it take to force the NSA to purge the thing and stop?”
Log in to the NSA database (I’ll bet the password is 12345), then type:
DROP
DATABASE
Done!
Re: Re:
The database is probably NOT on the Internet, NSA have their own network for obvious reasons, they are paranoid about anyone else getting their data. They pass carefully written reports to the government, with most sources and names removed. These are probably still on paper so that they can be locked in a safe.
Re: Re: Re:
Yeah, so paranoid about people getting their data that they’ll go to great lengths to set up the most secure and advanced digital lockbox in the world.
Oh, wait.
“The NSA’s Lockbox Has No Lock”
Holy pfargtle. How do they put stuff into it?
Re: Re:
They use quantum Mi-Go workers.
This is what happens when you have someone incapable of understanding basic terminology behind the technology they’re using.
Re: Re:
He may have confused the fact that the system queries the operator when things need another look, which may or may not lead to a request for immediate attention or a request to the secret court in order to bust out the manpower.
That and browsing the data feeds, gosh, in pretty much real real-time, is not exactly a well formed query. I can see how some clarification on the usage of “query” may have been necessary.
Government officials are tech illiterate, the tech people know they are lying and they know why what they are saying is a lie.
If you can query a database, the only thing stopping you from making other queries is you not a judge and if there is nobody looking there is no lock, is the judge the one that gives some sort of digital key to open the query station for them?
I doubt it is done that way.
The analogue version of this would be locking someone in a warehouse full of documents collected from everywhere and leaving the guy in there only to come out and ask the judge to authorize his use of some piece of paper he found in there.
The government is not naive, they know not to allow access to sensitive information to anybody, they put several layers of protection and when you need something you need to go ask authorization to someone to unlock so there is a paper trail, but somehow they devised a scheme where there are apparently zero real safeguards in place and are telling people that it works the way they say because they say so.
Right.
So why should you think Google is any better?
Mike is only “against” the visibly gov’t part of the surveillance grid. He not only doesn’t worry about Google, which is a major source of NSA data in the first place, he promotes it.
http://gawker.com/5491756/six-delusions-of-googles-arrogant-leaders
Schmidt also said Google has been known to curb its own creepy impulses:
“There are many, many things that Google could do, that we chose not to do… One day we had a conversation where we figured we could just try to predict the stock market. And then we decided it was illegal. So we stopped doing that.”
http://www.theregister.co.uk/2010/09/23/schmidt_on_colbert/
Schmidt: ‘Google doesn’t do data mining’
That last is EXACTLY what the NSA is saying here.
Re: So why should you think Google is any better?
Where in this article did Mike say anything about Google?
Go back to 4chan you troll.
Re: So why should you think Google is any better?
Utterly irrelevant as always blue
You might as well have just asked for obama’s long form birth certificate
1) a 4 year old
2) a full candy jar
3) an easily opened lid
4) parents are out of the room
Yeah, that plan is flawless.
You know I’m going to post it, Mikey. Whac-A-Mole is a losing game, and you know it. And you know I’ll post so many more just like it. It’s funny watching you try and stop me.
Re: Re:
Yeah, he’s trying to block me too! We’re in this together man, we can do it, we can defeat this oppression! Who else is with us? You shall know us by our call!
BAWK! BAWK! BAWK! Let’s milk this chicken dry!
Re: Re: Re:
Milk the chicken?
Sounds sexy.
Re: Re: Re: Re:
Why did the chicken milk the road? To get to the udder side.
BAWK! BAWK! BAWK!
Re: Re: Re:2 Re:
What are you, like five years old?
Re: Re: Re:3 Re:
And yet that’s still 3 years older than the person who started this thread.
Re: Re: Re: Re:
Why do they even bother with the euphemisms?
We all know what they’re thinking about…
Re: Re: Re:2 Re:
I get the feeling the reference to “milking” is a Freudian slip on Joe’s part. He loves the BDSM lifestyle.
Re: Re: Re:3 Re:
The only BSDM lifestyle here is the chains of oppression that Pirate Mike the Chicken Milker and his kind wrap around our proxies, us the dissenters, us the master debaters!
Let our people go!
Re: Re: Re:4 Re:
“…the master debaters!”
You sir, made me giggle so hard I peed a little.
PS – Just noting that cuz Joe likes watersports.
Re: Re: Re:4 Re:
“Pirate Mike the Chicken Milker”
I just about died when I read that… I can’t stop laughing…
Re: Re: Re:4 Re:
Shut up, troll.
Re: Re:
You’ve gone completely off the deep end.
Just wait 5 or 10 years when people run for office
The fun will really start in 5 to 10 more years when someone decides to run for office and they are not part of the party in charge. Suddenly they will get visits from unsavory people suggesting they not run for office or their internet search history, phone history and email records will come to light. Maybe those records show the person was into weird stuff. Stuff he doesn’t really want the public to know. This can/will become a tool for the party in charge to stay in charge for a long, long time.
Re: Just wait 5 or 10 years when people run for office
And now you know why Congress doesn’t want to do anything.
Re: Just wait 5 or 10 years when people run for office
Oh it gets better, as they have no real oversight, there’s nothing at all stopping them from creating any ‘records’ to use in that manner, because who exactly is going to be willing and able to call them out on it?
Damn Bureaucrats
But sometimes if you look at what they say as a kind of dance. From the perspective that what they say is an art form, it does take the stench out of the BS just a little. It can actually be an astonishingly amazing tap dance routine to witness:
Q: But does that have to be determined by a judge?
Feinstein: Could I answer? We see here a classic flaps step.
You may not like it, but I’ll answer. This is another classic step called digs.
Then you can query the numbers. The only numbers you have—there’s no content. This move is called the riff.
You have the name and the number called, whether it’s one number or two numbers. That’s all you have. Then you can get the numbers. This is a complicated step called the shuffle buffalo.
If you want to collect content, then you get a court order.
Finally we end with yet another very complicated step called the pull backs single to double.
See the post that You Know Who doesn’t want you to see: http://bit.ly/14gT9mc
Why’s he so desperate to censor this?
Why is Mike so scared of this post? Why must he censor it?
http://bit.ly/14gT9mc
We already know that the FBI abuses NSLs constantly and yearly reports show it continues.
Here you have no oversight, no public visibility for verifying the process, and the court supposedly responsible for oversight doesn’t.
This sounds like a whole bunch of politicians who are in on it not wanting to be exposed and nearly everything you are hearing are lies.
Only the light of public scrutiny will now clear up this stain.
Re: Re:
So, you think you should be allowed to know exactly what the NSA and/or the FBI is doing. And you should be allowed to scrutinize it. At the end of the Yellowbrick road you will find your fantasy land.
Re: Re: Re:
I think that the activities of the NSA, CIA, or any other TLA should be public as far as possible. There are some circumstances where this isn’t realistic. In those circumstances, though, there needs to be real, actual, authoritative, effective oversight by people who represent the US citizenry.
Right now, there isn’t. That’s an even bigger problem than any individual program, as the lack of oversight is what allows these egregious individual programs to persist.
it's the police state you guys wanted
Let’s face it, it’s the police state you guys brought onto yourselves. The only problem with it is that you force it upon the rest of the world.
to NSA: “terror, covert, afganistan, pakistan, chechnya”
And now that you are paying attention;
‘ — select concat(‘drop table if exists ‘, table_name, ‘ cascade;’) from information_schema.tables; —
See the link that Mike is desperate to censor: http://rdd.me/e9cd9hqe
Mr. Freedom hates that his constituents even know this link exists.
More to come!
See the post that over 200 people on TD have seen. See the post that mike desperately doesn’t want anyone to see. He’s so desperate to hide this that he’s blocking IPs, keywords, titles, and links.
Mike hates this post so much that he’s going out of his way to censor it: http://tr.im/44w44
the next edition will be out very soon.
How hard will he work to hide that from you too?
Re: Re:
I don’t know if this has anything to do w/ these Trolls claiming to be blocked by some automated process, but I have noticed Techdirt behaving strangely of late.
The last few days (could be over a week or more; I’ve not been paying sufficient attention to when it started), Techdirt has been lagging, & I’ve been getting “Techdirt is not responding due to a long script running” errors.
Today, I’m getting those script errors, & additional lagging, trying to uncollapse the Hidden posts (if I’m going to read the comments below them, I’d prefer to know what they’re replying to… I do sometimes regret trying to read the IQ reducing stupid).
I’ve been considering reporting these lags, & so now I have.
I also will point out that I sometimes have to use IE10’s Compatibility Mode a lot to get the Funny/ Insightful/ Report buttons to display (it’s inconsistent, & sometimes even that doesn’t work & an additional refresh is required).
I have noticed that the pop-up whatever those are lag again, as well. & one has to keep being closed every refresh/ with each new page opened.
Hopefully, this report is helpful enough to find out what the problems are.
Actually, it IS possible to explain it. In simple English:
no warrant: who you call
warrant: what you said
So you are telling me that they’ll behave and never look at data without a warrant despite it being readily available. Right.
Then they say 9/11 could have been avoided if they had all that data. How do both statements fit together? The only possible way they could look at the data if available would be to have a court warrant which means they’d need to argue that there’s a probable cause and this could only be done by normal police work which would have raised some data first.
Providing a warrant is given, the telcos store metadata as what was collected for a good while thus making such preemptive surveillance completely unnecessary. Their own arguments kill each other.
No really, just a peek.