from the can't-use-intelligence-if-you-can't-locate-it dept
The NSA’s desire to harvest as much data as possible lies at the root of its defense of the nearly-dead Section 215 collection. Although mostly useless, it is still being defended as a data collection the NSA needs to have around “just in case.” Data — lots and lots of it — is good and useful and helps locate terrorists. And, according to those running these collection programs, the only thing better than data is more data. Hence: “collect it all.” Hence, also: a gargantuan data center in Utah that is still in danger of losing its water supply.
“Collect it all,” proclaimed Keith Alexander, as the NSA amassed haystack after haystack with the needles seemingly little more than an afterthought. “Collect it all,” the analysts yelled back, frantically running haystacks through their analytic spinning wheels in hopes of appeasing King Alexander with the occasional production of counter-terrorist gold.
The Intercept’s cache of documents reveals not everyone in the NSA is so enthralled with haystack-building. Adding haystacks doesn’t aid in intelligence efforts. It just adds more hay. Sooner or later, everything bottlenecks at the analytic point. Worse, it adds to the amount of cleanup that must be done before the data can even be analyzed, as well as possibly removing “signal” while filtering out “noise.”
These (leaked) informal documents contain conversational discussions of intelligence topics that come from about as “everyman” a perspective as spooks sitting in a sea of servers can actually have.
From “Too Many Choices,” by the “SIGINT Philosopher:”
“Analysis paralysis” isn’t only a cute rhyme. It’s the term what happens when you spend so much time analysing a situation that you ultimately stymie any outcome. It’s what happens inside your grandfather’s brain while you wait endlessly him to make his move on the chessboard. It’s what happens when I stand in of the jams and jellies at the supermarket. And it’s what happens in SIGINT when we have access to endless possibilities, but we struggle to prioritize, narrow, and exploit the best ones.
A.k.a, the Netflix problem, for those more prone to stream entertainment then purchase jams and/or jellies. If nothing immediately stands out, the tendency to cycle through list after list of possibile choices results in more time spent looking for something to watch than actually watching something.
When lives are potentially on the line, adding more data makes it harder to find what you’re looking for in a timely fashion. Stack up enough hay, and more time will be spent examining and discarding false positives and negligible intelligence than will be spent looking at useful data that might point analysts towards an impending threat.
The SIGINT mission is far too pressing for many team-building activities or brain-storming sessions aiming to improve our organizational approach to analysis. At the same time, the SIGINT mission is far too vital to unnecessarily expand the haystacks while we search for the needles. Prioritization is key.
But this doesn’t seem to fit in with the NSA’s general approach to intelligence gathering. Nearly every program it runs is an effort to gather even more data than it already has. Every exploit it plants gives it another source for intel. Every new agreement it makes with foreign countries’ intelligence services gives it another set of haystacks to dig through. There is no apparent prioritization inherent in its intel gathering. Everything is potentially significant, but its significance can only be determined after it is collected and analyzed. The agency prefers collecting in bulk to targeting. It has been this way for years. So, it’s no surprise that those questioning this approach may find themselves doing the following: [Side note: this paragraph says some interesting things about the Section 215 program capabilities and comprehensiveness.]
Recently I tried to answer what seemed like a relatively straightforward question about which telephony metadata collection capabilities are the most important in case we need to shut something off when the metadata coffers get full. By the end of the day, I felt like capitulating with the white flag of, “We need COLOSSAL data storage so we don’t have to worry about it,” […] because getting the metrics for empirical evidence to review was so very difficult and, frankly, I’m still a little scarred by the experience.
The emphasis is “more hay,” not “better targeting.” And no one seems to know which collections are actually returning useful intel — at least not in an agency-wide sense.
There’s a running joke in the S3 community that we’ll only know if collection is important by shutting it off and seeing if someone screams.
And that screaming may only be because someone thinks their particular haystack-gatherer is useful, rather than it actually being useful.
Despite all of this incoming intel, terrorists are still evading the worldwide surveillance net cast by the NSA and its global partners. Officials tend to blame this on leaks, encryption, “going dark” — anything that doesn’t raise the uncomfortable possibility that the needles it’s looking for are already swimming through its massive haystacks. This isn’t because the NSA doesn’t know what it’s looking for. It’s because it can’t find what it’s looking for.
Snowden… noted in an interview with the Guardian that the men who committed recent terrorist attacks in France, Canada and Australia were under surveillance—their data was in the haystack yet they weren’t singled out. “It wasn’t the fact that we weren’t watching people or not,” Snowden said. “It was the fact that we were watching people so much that we did not understand what we had. The problem is that when you collect it all, when you monitor everyone, you understand nothing.”
Those in the analytic trenches seem to feel the NSA collects too much. Upper-level officials seem far less concerned. The NSA collects to collect. It collects “just in case.” This saves intelligence officials from the unlikely event of having to explain how a gap in coverage resulted in a terrorist attack. It’s CYA by massive data centers. The massive, overlapping collections are just as likely to result in an unthwarted terrorist attack, but it very pointedly won’t be because the NSA didn’t try.
Filed Under: collect it all, haystacks, needles, nsa, surveillance