Privacy

by Tim Cushing


Filed Under:
cost benefit, nsa, oversight, pclob, surveillance



Privacy Board Says NSA Doesn't Know How Effective Its Collection Programs Are, Doesn't Much Care Either

from the pay-no-attention-to-the-men-behind-the-haystacks dept

The Privacy and Civil Liberties Oversight Board (PCLOB) has just released its assessment [pdf link] of the NSA's ability to follow instructions. One year ago, it assessed the Section 215 bulk records collection. Six months later, it assessed the Section 702 program, which hoovers up email communications. Now, it has followed up on its recommendations and found the NSA surprisingly cooperative.

Overall, the Board has found that the Administration and the Intelligence Community have been responsive to its recommendations. The Administration has accepted virtually all of the recommendations in the Board’s Section 702 report and has begun implementing many of them. It also has accepted many of the recommendations in the Board’s Section 215 report and has supported legislation that would satisfy several more, including the most far-reaching of the Board’s proposals.
BUT:
However, many of the recommendations directed at the Administration have yet to be fully satisfied, with the Administration having taken only partial steps, at most, toward implementing them.
The first recommendation was one of the biggest: end the Section 215 program. The NSA doesn't really want to do this, but has seemed receptive to making some changes. The administration, on the other hand, hasn't offered anything to date other than lip service in support of this recommendation. It's been left up to legislators and, so far, legislation targeting the collection has failed to move forward. As the PCLOB noted in its assessment, the Section 215 program "lacks a viable legal foundation," as well as "posing a serious threat to privacy and civil liberties." And yet, it continues on unabated, with four renewals by the FISA court since the PCLOB's original assessment was delivered.

The PCLOB is now gently nudging the administration towards taking a hands-on approach.
It should be noted that the Administration can end the bulk telephone records program at any time, without congressional involvement.
On the bright side, the NSA has cut back on the number of hops in its contact chaining and has to seek approval from the FISA court to search its stored records, and it must be able to provide proof of "reasonable articulable suspicion" before it can do so.

The same goes for the introduction of an actual adversarial process to FISA court proceedings with the addition of an advocate acting on behalf of Americans' interests. The NSA is in no hurry to see this done and, again, the administration has offered its support of the board's recommendations but has made no movement on its own. It's left to legislation to fix this, and if earlier NSA-targeting bills are any indication, this will most likely add to the growing pile of papery corpses left behind by failed Congressional fixes.

The NSA is also taking hesitant steps to publicly release more information on FISC orders and rulings. We've seen some of this via the Office of the Director of National Intelligence's tumblr blog. (Still a very odd sentence to type…) But, it must be noted that a large majority of what has been "released" so far has actually been propelled out of the ODNI's hands by a handful of FOIA lawsuits. So, this new "openness" is not entirely dissimilar to confessions that take "enhanced interrogation techniques" to acquire.

As for the Section 702 program, the PCLOB has recommended a number of technical changes, most of which are at least partly implemented at this point. What's more worrying is the fact that the NSA still continues to harvest "about" communications, thanks to its ability to talk a hesitant FISA court into a "novel" legal theory while operating under interim legislation back in 2007.

The PCLOB raises several concerns about the Section 702's harvesting of communications based on very tenuous connections.
[T]he permissible scope of targeting in the Section 702 program is broad enough that targets need not themselves be suspected terrorists or other bad actors. Thus, if the email address of a target appears in the body of a communication between two non-targets, it does not necessarily mean that either of the communicants is in touch with a suspected terrorist...

While “about” collection is valued by the government for its unique intelligence benefits, it is, to a large degree, an inevitable byproduct of the way the NSA conducts much of its upstream collection. At least some forms of “about” collection present novel and difficult issues regarding the balance between privacy and national security. But current technological limits make any debate about the proper balance somewhat academic, because it is largely unfeasible to limit “about” collection without also eliminating a substantial portion of upstream’s “to/from” collection, which would more drastically hinder the government’s counterterrorism efforts. We therefore recommend that the NSA work to develop technology that would enable it to identify and distinguish among the 24 types of “about” collection at the acquisition stage, and then selectively limit or modify its “about” collection, as may later be deemed appropriate.
The PCLOB also urges the release of information concerning the NSA, FBI and CIA's minimization procedures and stats on how often the NSA acquires and uses the communications of US persons -- both of which are in the "being considered" to "being implemented" stages.

Most importantly, the PCLOB recommends the NSA cough up some evidence that these collections actually have any value. Unsurprisingly, this falls under the "not implemented" heading. And the ODNI/NSA's stalling only makes it look as though these programs are all show, but little substance.
Determining the efficacy and value of particular counterterrorism programs is critical. Without such determinations, policymakers and courts cannot effectively weigh the interests of the government in conducting a program against the intrusions on privacy and civil liberties that it may cause.
Those on the surveillance side always remind us that there needs to be a balance between national security and civil liberties, but the agencies they defend have never bothered to examine the security/privacy ledger. And they're in no hurry to do so. The Section 215 program's effectiveness is highly dubious, and as for the Section 702 program, we (including the PCLOB) don't have enough information to even begin weighing its comparative value. For all the forced transparency, there simply hasn't been much forthcoming on the program itself, much less how useful it is in terms of counterterrorism.

If the NSA wishes to continue its plundering of privacy in pursuit of security, it needs to provide some hard data to back up its assertions that these programs are essential to the safety of the nation. It won't make the plundering OK, but at least it will give the public some idea where their rights stand in the NSA's eyes.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 30 Jan 2015 @ 11:05am

    He he he

    Thus, if the email address of a target appears in the body of a communication between two non-targets, it does not necessarily mean that either of the communicants is in touch with a suspected terrorist...



    Step 1- create a throw-away email address
    Step 2 - Send spam like email to everyone in the US containing the email address of a bad guy in the message body
    Step 3 - Watch the haystack grow

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 30 Jan 2015 @ 11:22am

      Re: He he he

      "Step 1 - create a throw-away email address
      "Step 2 - Send spam like email to everyone in the US containing the email address of a bad guy in the message body
      "Step 3 - Watch the haystack grow"

      Or, for NSA LOVINT purposes,

      Step 1 - Contact your buddy in the Federal Bureau of Parallel Construction (aka Lying)
      Step 2 - Ask him/her to call your cheating main squeeze & hang up.
      Step 3 - He/she calls a random number in Yemen.
      Step 4 - Your cheating main squeeze is now 2 hops from those terrorists in Yemen
      Step 5 - Anonymously call 911 to "SWAT" your cheating main squeeze

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 30 Jan 2015 @ 11:07am

    They know!

    They know how effective it is!

    They just are feigning ignorance because its effects are not for what they want people to think it is. They say its for preventing terrorism.

    It is not, it is mainly the excuse for those in power to better judge the temperature of the American Electorate and to see how far they can push in this climate.

    As you can readily tell, the American people are still sitting around with its ass in the air waiting to be raped by those in authority as long as they get their creature comforts. As an employed individual I do not have the time or the desire to risk my own job to stand against government abuse. They count on it as well.

    As long as the middle class remains employed with something to work for, the primary force of power (abusive or not) will remain. Once that falls apart... it will be impossible to determine how long it will take for an insurrection to begin. 1 day? Maybe 100 years? Who knows?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 30 Jan 2015 @ 11:32am

    botnet spam capturing?

    Spam botnets will email to whoever they can find, right?

    1) put email addresses on a web page that only spam web crawlers will find.
    2) web crawler harvests email addresses and sends traffic to targets, thus getting in the NSA databases.
    3) ???
    4) Profit!

    ... or maybe identify the extent of the botnet...

    For extra credit, hire a botnet you don't like to DDOS the NSA. Two for the price of one!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Hero, 30 Jan 2015 @ 12:27pm

    Makes no sense

    > But current technological limits make any debate about the proper balance somewhat academic, because it is largely unfeasible to limit “about” collection without also eliminating a substantial portion of upstream’s “to/from” collection

    This makes no sense. "About" collection involves scanning email content. "To/From" collection involves checking the email headers. Content and headers are entirely independent of one another.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 30 Jan 2015 @ 12:52pm

    >Most importantly, the PCLOB recommends the NSA cough up some evidence that these collections actually have any value. Unsurprisingly, this falls under the "not implemented" heading.


    If course this hasn't been implemented. There's little evidence these mass spying programs have stopped any terrorists attacks, ever! Yet these mass spying programs continue to exist despite this fact.

    Why is that? The only logical conclusion is that these mass spying programs aren't really about trying to stop terrorist attacks, because they have a proven track record of failing to do so.

    - Underwear bomber.
    - Boston Marathon Bombers.
    - Charlie Hebdo attack in France.
    - Terror attacks happening in Iraq, Afghanistan, Yemen, Syria, and Nigeria on a daily basis over the last decade.

    * FBI crafted terror plots planned, executed, and funded by the FBI don't count.


    So lets take a look at what these mass spying programs are actually good at:

    - Economic espionage.

    - Information control.

    - Tracking down and prosecuting journalists and their whistleblowing sources.

    - Crushing political dissidence.

    - Using metadata for assassinations, by locking drones and HellFire missiles onto cellphone signals.

    - Keeping the congressional and judicial overseers of rogue three letter agencies in check, through cohesion and blackmail.

    - Untargeted and warrantless surveillance of all law abiding citizens.

    - Tracking the movements of all law abiding citizens through use of national license plate reader databases.

    - Tracking all law abiding citizens movements through the use of cellphone tracking technologies, without a warrant.

    - Tracking the associations of all law abiding citizens, by downloading the contact lists from everybody's phones.

    - Tracking the web browsing and Google search history of all law abiding citizens.

    - Tracking the purchase history of all law abiding citizens, through credit cards, bank accounts, and international money moving networks like SWIFT.

    - Spying on the phone conversations of non-terrorists, such as Angela Merkel. If it can happen to her. It can happen to any of us.

    - Weakening the safety and security of all law abiding citizens, through the use of mandatory backdoor technology. Plus infiltrating and subverting international standards organizations.


    I'm sure that's not even close to half of what these mass surveillance programs are really being used for. "Terrorism" is just the pretext used to hide the extensive list of what mass spying is really about. The end result of mass spying is the subversion of freedom, democracy, and civil rights.

    reply to this | link to this | view in chronology ]

  • icon
    John Fenderson (profile), 30 Jan 2015 @ 1:20pm

    Fair enough

    I also don't care how effective the NSA's blanket collection programs are. The programs are horrendous and need to stop even if they are 100% effective.

    reply to this | link to this | view in chronology ]

  • identicon
    McDoogle, 30 Jan 2015 @ 1:27pm

    It's like the definition didn't ever exist

    "The terrorists" are motivated by Islam. Islam is a region. Religion is irrational folly. The terrorists are motivated by irrational folly.

    It has nothing to do allied imperialist expansion.

    Now go back to sleep you fat, stupid slaves. Never question again. We will know if you do.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 30 Jan 2015 @ 1:45pm

    this has to be one of the truest statements made! especially the 'dont care' bit. the reason they want to continue hoovering up as much data as possible is because of the hope that something will jump out and slap them in the face, rather than the people having to try to find it!

    reply to this | link to this | view in chronology ]

  • icon
    jimb (profile), 30 Jan 2015 @ 3:10pm

    NSA cooperation

    Since Snowden, the NSA has been very open and cooperative. Of course, they haven't actually *changed* anything they were doing, nor do they plan to... they just figure that now everyone knows about it, even though they can't do anything about it anyway. Of course, if directly instructed to quit doing something, the NSA would be very responsive and cooperative, say "Of course, we'll stop right away!". And then they would just keep right on doing whatever they want to. What better secrecy is there than doing everything in plain sight, and just ignoring any contrary instructions...? It may or may not affect the efficacy or value of these invasive illegal programs, but the NSA doesn't care. They get the money to keep their bureaucracy growing and feeding whether the output of all their programs has any usefulness or not... and that's what is most important to any bureaucracy. The NSA is a force unto itself, and not subject to the control of the civilian authorities. Witness the ability of its head to outright lie to Congress, its ostensible civilian leadership, without penalty or censure. Since everything is secret, anything and nothing is being done, and whatever may or may not be being done is legal, whether it is or not. Kafka would appreciate it...

    reply to this | link to this | view in chronology ]

    • icon
      GEMont (profile), 31 Jan 2015 @ 11:03pm

      Re: NSA cooperation

      "And then they would just keep right on doing whatever they want to."

      Absolutely correct.

      It takes no effort at all to say:

      "Yes sir."
      "Of course sir."
      "We will stop doing that right away sir."

      And then do absolutely nothing that was "suggested" and carry on as if the suggestions were never made.

      Each time they do this, they get a free period where nobody is looking over their shoulder.

      It has become Standard Operating Procedure.

      Like politicians, if the members of the administration of a Spy Agency speak, you can bet any money, they just lied.

      And it no longer matters who they are speaking to.

      I still think the Bush Administration (secretly) declared war on a (secret) enemy, during a (secret) war-council session, held right after they pulled off 9/11.

      I think 9/11 itself was carried out specifically to provide the legal rationale needed to hold such a secret session.

      Its the only thing that I can see that would give the Feds and all their little armies of secret minions the legal ability to simply blow off any demands, commands and reprimands, break any law at will with impunity, secretly incarcerate and kill American citizens without due process, lie to the courts, the public and anyone else who might ask embarrassing questions, weaken electronic communications on a global scale, intercept and alter electronic hardware to facilitate hard-wired public surveillance, secretly spy on the whole world by tapping into undersea and underground cables, manufacture and capture fake terrorists, and generally act as if they were a power unto themselves and completely above all laws on earth.

      That is exactly how a government and its agencies act when they're participating in a declared war.

      The only reason I can fathom, to keep the declaration of war a secret from the American Public, is that the American Public are, or are among, the declared (secret) enemy.

      Note that the NSA has un-officially declared the American Public as "The Adversary".

      By assuming this to be the case, nothing that the Feds or their Agents have done for the last decade, is out of the ordinary, or in any way strange.

      ---

      reply to this | link to this | view in chronology ]

      • icon
        John Fenderson (profile), 2 Feb 2015 @ 9:19am

        Re: Re: NSA cooperation

        "Note that the NSA has un-officially declared the American Public as "The Adversary"."

        There's nothing unofficial about it.

        reply to this | link to this | view in chronology ]

        • icon
          GEMont (profile), 2 Feb 2015 @ 1:45pm

          Re: Re: Re: NSA cooperation

          Ah technicalities.... :)

          The USG's reclassification of the general American Public as the "Adversary" has not been broadcast on TV by the President or by any spokesperson from any federal agency, yet.

          I think the information became public only through the public services of Snowden and the Guardian.

          Thus, unofficial, technically.

          However, the general attitude of all federal agencies and in fact most state and city governments, has certainly expressed plainly that the reclassification is nearly universally understood to be in effect, by all authorities, nationally.

          I assume this is true for all Five Eyes Nations.

          Personally, I think the billionaires and career criminals that make up the membership of the current federal governments of the 5 Eyes Nations are simply too cowardly to admit to the public that they have reclassified them as the "adversary", because then the public would know who public enemy number one really was.

          The kind of "fight" these cowards like, is the kind where they get to use HE bombs, jets, tanks, and assault weapons and the opponent gets to use only sharpened sticks.

          The only kind of fight they like better, is the kind where their victim has no idea who is attacking them and thus cannot fight back at all. Which is pretty much the current situation on earth.

          ---

          reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: I Invented Email
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.