Glenn Greenwald Says NSA, GCHQ Dismayed They Don't Have Access To In-Flight Internet Communication
from the one-that-got-away? dept
Glenn Greenwald gave a video keynote speech to the Chaos Communication Congress last Friday. Most of his talk revolved around the Snowden leaks, of which he says there's plenty more to come. (The most conservative estimate puts the total number of pages taken by Snowden at ~58,000, of which less than 900 have been released. Cryptome's running count puts it at 799 pages as of Dec. 24th -- 1.4% of the most conservative total.)
According to Greenwald, an upcoming story at his new venture will focus on one area the surveillance mesh has failed to cover -- one that's driving the NSA and GCHQ crazy.
He said he was working on a new story indicating that the NSA was “obsessed” by the idea that people could still use some Internet devices and mobile phones on airplanes without being recorded. “The very idea that human beings can communicate for even a few moments without their ability to monitor is intolerable.”I can imagine this must be very irritating for the two agencies. Somewhere someone (many someones) will be generating data that isn't immediately being harvested. I'm sure there's a "fix" on the way to plug this "security hole." It's not as if government intelligence agencies are going to sit idly by while a government regulatory agency (inadvertently) creates airborne data havens by loosening restrictions on electronic devices.
Whatever's preventing the NSA and GCHQ from making a grab for in-flight data and communications isn't a technological issue. In-flight WiFi and other internet connections have been available for years. All data necessarily flows in and out of airborne choke points, which would make it very easy for the agencies to collect, store and retrieve the data later.
No, what's holding the agencies back is likely a lack of justification for patching up this hole in its collections. The metadata being generated may not be protected by the Fourth Amendment, but there's no simple way to collect and minimize this very mobile form of domestic communication. International flights would perhaps provide some leeway for collection. Once the flight is out of domestic airspace or is connecting with foreign communications towers, etc., it could be argued that the data is fair game.
Playing the "national security" card is a non-starter. To claim potential terrorists are using in-flight connections to communicate without fear of surveillance is to call into question the skills of those providing security on the ground, putting the DHS in the awkward position of explaining why its TSA agents are allowing suspected terrorists to board planes. It also would require officials to believe that terrorists would be willing to risk discovery by airport security in exchange for a few hours of surveillance-free internet usage. None of this is very plausible, and deploying arguments along this line would paint the agencies as data-obsessed paranoiacs, not exactly the sort of image they wish to portray at this point in history.
We do know the NSA collects data on flyers via flight reservation systems and Passenger Name Records (PNRs) created and compiled by airlines. This would give the agency some idea who's flying and where, and there's little doubt it would like to take a look at any communications occurring during these flights. I suppose if it wanted to pull the data retroactively it could, provided it could convince the FISA court the data would be relevant to terrorism-related investigations. The TSA could be tasked with linking device info with passenger records, but there's probably no unobtrusive way to achieve this goal. Because of this, it would be simpler for the agencies to require the airlines to trap communications data and hold it for a certain length of time. PNRs could then be matched with flights and that specific data harvested and pored through for possibly "relevant" communications. Again, this would involve many more entities and tons of domestic citizens' metadata and communications, something that would have been a tough sell five years ago, much less in today's Security vs. Privacy climate.