NSA’s Bulk Data Collection Fail

The Privacy and Civil Liberties Oversight Board‘s just-released report doesn’t detail a single instance of the NSA’s bulk data collection leading to the foiling of a terrorist plot — for the simple reason that this oversight agency couldn’t find any — and yet, the mantra “to keep Americans safe” is incessantly uttered by  the NSA’s defenders whenever the wisdom (not to mention legality) of collecting pretty much every data bit generated by everyone, ever, is questioned.  (Well, once the NSA finally-sort of-almost-maybe admitted that’s what they might be doing — for your own good, of course. See how that one flies with Angela Merkel.)

With this latest report revealing that the NSA’s counter-terrorism claims have been wildly exaggerated, the data stockpile’s potential use for corruption ought also to get a closer look.  Even if 99.9 percent of NSA employees are 99.9 percent pure, a few bad-apple agents with ill intentions could partner with a few  bad-apple politicians or government officials — for the sake of symmetry, let’s pretend there are only a few — and use the available data for blackmail, coercion, or the kind of anonymous leaks that send political enemies scrambling for rehab or other cover.

As for the claim that no NSA agent could improperly access such data without others knowing about it, there is an obvious answer:  Edward Snowden.

Equally absurd is the assumption that the NSA would or could know about all misuse of data — or that the NSA’s assurances that no abuse has occurred are in any way meaningful.  Last time I checked, the reason blackmailers are often successful is that the victim cannot reveal the blackmailer without revealing whatever it was that made the victim blackmailable in the first place.

What?  500 phone calls last month to ‘Bunny’?  Sure,  I can explain that.  Yeah . . . that’s a nickname for my . . . uh . . . accountant.

So perhaps it’s time, despite the president’s assurances about the necessity of bulk data collection,  for the NSA to focus on targeted data-gathering and analysis instead, and to make sure the pertinent results are promptly shared with other law enforcement agencies.  After all, in piling up its mountainous haystack of all cyber data that was, is (and ever shall be, if the NSA prevails against its critics),  the NSA seems to have missed a few needles — in fact, every needle of late.

With more selective data and analysis, the NSA might, for instance,  have come across the Tsarnaev brothers perusing an online magazine for the do-it-yourselfer terrorist, checking out the helpful “How To” page for making pressure-cooker bombs.  Alerted law enforcement agencies might subsequently have flagged their purchases for the “ingredients,” and a pre-Boston Marathon arrest could and should have occurred.

Tragically, no such arrest was made. In today’s uber politically correct climate, it is apparently considered “Islamophobic”  to focus our data-culling on the places where terrorists tend to “hang out” — in both the cyber world and the real world.  Even though the Russians had earlier warned the FBI about the Tsarnaevs’ family ties to Chechen rebels and the elder brother’s six known visits to an Islamic militant in the Russian republic of Dagestan,  that info wasn’t considered compelling enough to tap not only into their particular data stream, but to actually pay attention to where they were swimming in tha stream. Instead, various Tsarnaevs were interviewed by various FBI agents.  The apparent gist:

Are you  terrorists?

No.

Oh.  OK.

How else to explain that shortly thereafter, when the brothers were learning to cook with nails and ball bearings, no one in the we-need-your-data-to-protect-you trade was paying attention?  (And we worry that Snowden has tipped off the bad guys??)

Likewise, our data-gatherers were also spectacularly incurious about  an Air Force major who ordered business cards online that described him as a  “Soldier for Allah,” and was email pals with radical Islamist Anwar al-Awlaki.  Before it became “insensitive” to keep tabs on folks who might, by virtue of behavior, travel patterns and cultural or religious affiliations, have a higher probability of being terrorists than, say,  little old ladies from Milwaukee flying to visit great grandchildren, this sort of behavior, like collecting recipes for pressure cooker bombs,  might have sparked some serious, and prolonged, investigation.

But we don’t have to go back that far to find an example of the bulk data collection FAIL. On Jan. 24, police in Pennsylvania arrested a Russian teenager whose suitcase housed  a “weapon of mass destruction” – a bomb.  The Penn State University student reportedly built it from online purchased parts, but the police weren’t searching through his belongings in response to an NSA tip about his online activity.  They weren’t looking for a bomb at all – they were looking for pot as part of a drug investigation, and serendipitously stumbled across his other hobby.  To the original drug charges, police have added “possessing a weapon of mass destruction, risking a catastrophe, possessing instruments of crime, prohibited offensive weapons, incendiary devices, [and] recklessly endangering another person.”

So here we have another young Russian buying his terrorist wares online, and yet the NSA didn’t flag him or his online purchases.

The question is, within the mega haystack of NSA data, how many other needles have escaped notice?  And why have so many of our politicians and talking heads failed to notice that the NSA hasn’t produced a single instance in which their massive data sweep has led to the prevention of an attack?  It’s time for lawmakers to take the recommendation of the PCLOB and shut down the bulk collection of all Americans’ data, an egregious violation of the Fourth Amendment, and for the NSA to focus its full attention on the sites and behavior patterns common to terrorists.  Sometimes less is more.

If Only My Devices Came with a Switch Labeled “Cloaking Mode”

Fascinating interview here with cryptographer/security expert Bruce Schneier, who is helping The Guardian analyze the huge number of documents bequeathed it by NSA whistle-blower Edward Snowden.  (Or traitor, if you prefer.  I don’t — not yet, anyway.) Schneier argues that the potential ramifications of the NSA’s all-seeing eye are far more disturbing than most citizens realize:

They’re not just spying on the bad guys, they’re deliberately weakening Internet security for everyone—including the good guys. It’s sheer folly to believe that only the NSA can exploit the vulnerabilities they create. Additionally, by eavesdropping on all Americans, they’re building the technical infrastructure for a police state.

We’re not there yet, but already we’ve learned that both the DEA and the IRS use NSA surveillance data in prosecutions and then lie about it in court. Power without accountability or oversight is dangerous to society at a very fundamental level.

Yup.  He’s also right that His Five Tips  for protecting ourselves from government intrusion are neither simple, nor practical.  I’ve read about the encryption hoops Laura Poitras had to jump through when first contacted by Snowden.  The security procedures he insisted on didn’t sound like something the average person has the money, patience or technical know-how  to do.  Heck, I’m so “average” I can’t even figure out how to get the “Recent Posts” widget to work in the sidebar of ChickCurmudgeon.  The fact that four widgets do appear properly — most of the time — is no sign of waning widget-impairment either; I have no clue why they’re working.

If interested, more reflections on the NSA’s attempts at Snowden-mitigation are in my blog posts “On Truth and Fantasies” and the third section of “Oh, What a Tangled Web They Weave . . . ” and include a link to the NYT profile of Poitras.  Is it possible a spy thriller based on her experiences isn’t already in the works?

These are scary times, but Schneier, who will be writing future articles on the material he’s been analyzing, has a wise practical suggestion:

The Internet has become essential to our lives, and it has been subverted into a gigantic surveillance platform. The solutions have to be political. The best advice for the average person is to agitate for political change.

I have one for him too, if he hasn’t already done it:  hire bodyguards.

On Truth and Fantasies

The government’s forensic investigation is wrestling with Snowden’s apparent ability to defeat safeguards established to monitor and deter people looking at information without proper permission, said the officials, who spoke on condition of anonymity because they weren’t authorized to discuss the sensitive developments publicly.

The disclosure undermines the Obama administration’s assurances to Congress and the public that the NSA surveillance programs can’t be abused because its spying systems are so aggressively monitored and audited for oversight purposes: If Snowden could defeat the NSA’s own tripwires and internal burglar alarms, how many other employees or contractors could do the same? ~Goldman & Dozier

“The abuse is rampant and everyone is pretending that it’s never happened, and it couldn’t happen. … I know [there was abuse] because I had my hands on the papers for these sorts of things: They went after high-ranking military officers; they went after members of congress — Senate and the House — especially on the intelligence committees and the armed services committees, lawyers, law firms, judges, State Department officials, part of the White House, multinational companies, financial firms, NGOs, civil rights groups …”  ~ Russ Tice, NSA agent from 2002-2005, quoted by Michael Kelly.

***

Here’s the question  I would love to ask our top NSA officials and their government handlers,  if I could get them all in a room and lock the doors:  Are you guys even capable of  giving a straight, unparsed, and truthful answer to any question, or are you so far gone that Truth isn’t even a category you recognize?

It’s been obvious for some time that the NSA doesn’t know what Snowden has – their denials of specific surveillance capabilities and abuses have several times been followed by the release of purloined NSA documents which utterly discredit their denials. The fact that they’re backtracking now, albeit through anonymous officials,  shows only that their strategy of last resort is one of incremental honesty: tell the least amount of truth possible, and only when not doing so would be farcical.

In following the Snowden story and reading up on the NSA’s reaction to past whistleblowers, it’s clear a game is being played, and so far, the NSA has won every round.  If allegations of abuse survive past the instant excoriating of the source, unequivocal denials are made . . . . Don’t be silly — we don’t have the capability for that level of surveillance — you must be filling you head with too many of those Hollywood spy flicks.  The implication is clear: such questioners are fanciful and none too bright.  Then, should incontrovertible evidence surface, most recently thanks to a 29-year-old-high-school-dropout-loser, the narrative, typically  from “unnamed sources,” switches to, Well, of course the NSA spied on so & so or such & such.  Hellooo  — everybody knows that.  It’s an “open secret” and this IS a secret agency.  Where have you been all this time, you silly goose?

I wonder: do the rules of high school cliquedom ever really expire?  At any rate, reporters often fall for that ploy —  the desire not to look stupid or naive usually trumps the urge to be morally outraged at being  lied to.    If enough reporters show signs of persisting with their bothersome questions, the terrorism card is pulled out:   We’ve got real bad guys to catch, you know.  This is a serious business we’re in, and you’ll be mighty sorry if you distract us from that. Remember 9-11?  Now go and play elsewhere . . . So journalists tend to quit digging, underplay the abuse-of-power revelations in their stories  and pass that don’t-be-a-rube feeling onto their readers.

Going back to my little scenario at the beginning of this post: I’m not naïve enough to imagine I’d get an honest answer to my question, or even some decent squirming.  But if these allegations don’t go away, and the popping up of confirming documents becomes bothersome enough, I’m just rube enough to hope that  the NSA’s leaders might eventually opt for the most radical strategy of all – telling the whole truth, taking the consequences, and submitting to real oversight.

I know it’s a fantasy, but it’s not as if there isn’t a lot of that going around already.