by emptywheel
A few more details of the NSA spying program are beginning to leak out. I'm going to guess, based on the details we've got, that this program is some kind of reverse data mining project. That they're taking the laptops and cell phones captured from known Al Qaeda figures and from that hardware, developing a data profile of a "typical" Al Qaeda operative. Then, they're doing massive data mining in the US and overseas. And tapping people who fit the profile of that "typical" Al Qaeda operative.
It's clear now that one of the two remarkable aspects of this program is its new technology (the other being the warrantless search). Former Senator Bob Graham said he didn't remember any mention of warrantless searches. What struck him, from his briefings on the program, was the notion we were using new technology.
Former senator Bob Graham (D-Fla.), who chaired the Senate intelligence committee and is the only participant thus far to describe the meetings extensively and on the record, said in interviews Friday night and yesterday that he remembers "no discussion about expanding [NSA eavesdropping] to include conversations of U.S. citizens or conversations that originated or ended in the United States" -- and no mention of the president's intent to bypass the Foreign Intelligence Surveillance Court.
"I came out of the room with the full sense that we were dealing with a change in technology but not policy," Graham said, with new opportunities to intercept overseas calls that passed through U.S. switches. He believed eavesdropping would continue to be limited to "calls that initiated outside the United States, had a destination outside the United States but that transferred through a U.S.-based communications system."
Senator Rockefeller said something similar--but more telling--in the CYA letter he released today.
As you know, I am neither a technician or an attorney. Given the security restrictions associated with this information, and my inability to consult staff or counsel on my own, I feel unable to fully evaluate, much less endorse these activities.
As I reflected on the meeting today, and the future we face, John Poindexter's TIA project sprung to mind, exacerbating my concern regarding the direction the Administration is moving with regard to security, technology, and surveillance.
Rockefeller complains that he's not a technician, echoing Graham's technical comment. Then Rockefeller mentions Poindexter's TIA program, a system that proposed to use massive data mining to profile and find potential terrorists. But the problem described with this TIA program--and with Able Danger, another data mining surveillance program--is that you don't know what a "hit" is. You don't know what the profile of a terrorist is, so you don't know what you're looking for as you data mine.
Well, the NYT story on this program suggests they may be working from the opposite direction to define what their "hits" are going to be. You see, the program started accelerating as they collected more hardware loaded with data that might help form a "typical" profile of an Al Qaeda operative.
What the agency calls a "special collection program" began soon after the Sept. 11 attacks, as it looked for new tools to attack terrorism. The program accelerated in early 2002 after the Central Intelligence Agency started capturing top Qaeda operatives overseas, including Abu Zubaydah, who was arrested in Pakistan in March 2002. The C.I.A. seized the terrorists' computers, cellphones and personal phone directories, said the officials familiar with the program. The N.S.A. surveillance was intended to exploit those numbers and addresses as quickly as possible, they said.
And this is where the NYT story gets a little vague. The searches are based on people "linked" to Al Qaeda--but linked in what way?
Since 2002, the agency has been conducting some warrantless eavesdropping on people in the United States who are linked, even if indirectly, to suspected terrorists through the chain of phone numbers and e-mail addresses, according to several officials who know of the operation. Under the special program, the agency monitors their international communications, the officials said. The agency, for example, can target phone calls from someone in New York to someone in Afghanistan.
I'm proposing it's not an indirect link to Al Qaeda, that the NYT is using this language to shield the technical details (if these people were really linked to Al Qaeda, the FISA warrant would be a cinch). I'm proposing that it's a link of similarity. They find the communication patterns of a known Al Qaeda operative, and they start monitoring everyone who has similar communication patterns.
Which would explain why they needed to start monitoring large numbers of people at once.
Those involved in the program also said that the N.S.A.'s eavesdroppers might need to start monitoring large batches of numbers all at once, and that it would be impractical to seek permission from the Foreign Intelligence Surveillance Court first, according to the officials.
Here they're claiming that the numbers are too onerous to get warrants for all the monitored numbers. Elsewhere they claim it's a time issue (which we know to be false, since you can get emergency taps under FISA). I'm suggesting the real issue was they couldn't defend tapping all those numbers at once since the only thing that connected them was a pattern of similarity, not probable cause.
Which explains why Bush wanted to hide the program. It's a data profile layered on top (I'm guessing) of racial profiling divorced from any probable cause. Which is why they're finding people with dubious ties, if any:
But they said most people targeted for N.S.A. monitoring have never been charged with a crime, including an Iranian-American doctor in the South who came under suspicion because of what one official described as dubious ties to Osama bin Laden.
Is it possible the dubious ties are as little as a fondness for a take-out joint favored by suspected Al Qaeda operatives? The same gym? Friends in the same province of Iraq?
It's a kind of unreasonable search never imagined by our forefathers ... but one I'm sure they'd consider unreasonable nevertheless.
Check out the Jonathan Alter column in Newsweek, posted at the MSNBC site late this afternoon.
Alter reports that on December 6th, Bill Keller and Sulzberger met with Bush in the Oval Office for a knock down drag out fight over the publication of the NYTimes article. The idea was, apparently, for Bush to convince them not to publish. I have been mulling this one over, and have still to go back to December 6 and get the context. But at least it is now fairly clear that this burst of speechmaking over the last two weeks may well have been a pre-emption of the impending article. As of the 6th, Bush knew his goose was about to get cooked in a very hot oven. Alter has a simple but vital scoop on this important story.
Just finished watching a re-run of the Democratic response to the Bush Press Conference on C-Span. Levin, and Feinberg. They made a couple of things clear -- Two sets of hearings -- intelligence and Judiciary need to be held, Gonzales should not be permitted anywhere near any investigation -- and yes, they may need to think about a special counsel but only after Congressional Investigations collect necessary basic factual evidence. It will re-run -- watch it.
Posted by: Sara | December 19, 2005 at 23:11
The kind of data mining you insightfully suggest is actually not a bad approach, in an abstracted way (like if you are thinking about searching for web pages, or other objects without civil rights), if you have a good "secondary screen" to go through all the false positives you will generate. But to do it you need a database of everyone in the country's phone records (and preferably, email and web habits) to do your search on. Does a gov't agency keep such a database? (...as far as we know?)
Posted by: emptypockets | December 19, 2005 at 23:14
Nicely done EW
I stopped by to give you a belated response to your Novak question and read your last 2 entries. I was looking at data mining to be the issue here as well, but you've really got me thinking about the scope of this program. I wonder how many degrees of separation are in play.
On the Novak thing, I wrote you back on the FDL thread, but doubt you saw it.. I could barely find it. Anyway, here is what I wrote
Novak did use the term again.
This is an interesting interview, in it Novak repeats his claims but he was trying to cover his butt on his use of the word operative and talked more than he should have. He stated
That must have Rove saying more than "I heard that too"
He also mentions several times that he was given her name by the SAO.
Posted by: pollyusa | December 20, 2005 at 00:16
Marshall also had the suggestion that the NSA was sweeping up tons of conversations and then would go back retroactively and look at everything someone had said when they thought they had got a hit. Certainly no warrant would be given for that. I have no idea whether it is even possible to do that, but it is clear that whatever can be done, will be done by this crowd.
Posted by: mimikatz | December 20, 2005 at 00:56
Does a gov't agency keep such a database? (...as far as we know?)
Lots of DC people in both parties were shocked to fully realize, after 9/11, how little information (in the modern AND old fashioned senses of that word) the government actually had on people, while private industry (so to speak!) had these huge, detailed, modern databases with information on hundreds of millions of people. God knows what has happened since. We'd better get educated about it no matter who's in office, but especially with the varmints we have now.
Posted by: jonnybutter | December 20, 2005 at 01:43
Does a gov't agency keep such a database?
That depends on whether you think the DoD really dropped the Poindexter plans for Total Information Awareness. Personally, I think TIA was almost certainly continued under another name. This would certainly fit with EW's well-thought-out scenario.
Given how hard the administration worked to prevent word of this eavesdropping getting out, how long the Times sat on the story, and how concerned members of Congress are (witness the Rockefeller letter), we may be on the verge of one of those scandals that John Dean described in Worse Than Watergate actually getting enough traction to reduce the illegalities.
Or, alternatively, Bush may manage to bring home enough troops and reduce the price of gasoline enough that the American public goes back to sleep. It'll be interesting to see which.
Posted by: Chuck Dupree | December 20, 2005 at 01:54
Like Polly I've also been wondering about the scope of this program. I would guess that whoever leaked the story to the NY Times reporters was very careful and provided minimum details.
I also wonder if the visit to the Oval Office resulted in a watering down of the story.
Tonight Tom Daschle stated that the White House “omitted key details” from him related to the NSA interception program, directly contradicting statements by President Bush that Congress was fully informed.
My take...we've just touched the surface. Going to be some sleepless nights in DC.
Posted by: SteveH | December 20, 2005 at 01:54
The technology is available today to stream millions of electronic communications (phone, fax, internet) into in-memory databases and in real-time filter based on key words and other patterns (voice recognition algorithms). So, the NSA does not have to collect and store all the communications and then retroactively do the pattern matching.
A good analogy is setting alerts on your favorite stock trading system, like say, Fidelity. You can configure the system to alert you when the price of Disney stock trades over $30.
This is similar. An NSA analyst can configure the system to alert him when there is any communication from the US to Afghanistan with some code words. At that point the analyst can see all the details of that flagged message, like origin location of call, the telephone number, who the number is listed for, the called party and their location and more importantly could also listen in on the call and have it automatically recorded for further analysis.
This type of "dragnet" surveillance of all electronic communications has been done overseas and on foreign embassies here in the US for many years. The Europeans and the UN have been up in arms about being spied on by the US. During the 90s others were concerned we were using it for industrial espionage. A specific case was the apparent eavesdropping on European officials' and Airbus officials' discussions on sales and pricing strategies.
What is different is this type of broadbased monitoring of US citizens in the US is not covered under current law. Bush changed that by directly authorizing the NSA to turn the switch on and start spying on Americans' communications. Obviously, someone at the NSA felt this was illegal and tipped off the NYT. What puzzles me is why they held on to it for a year and then decided to publish this despite some arm twisting by Bush himself.
I believe the technology line is a red herring as such technologies are well understood in the tech community and many of the tech companies that are selling such products to the NSA also sell into the commercial marketplace.
Posted by: Mike | December 20, 2005 at 04:08
Arrest the Police State
It is a clear, word-perfect violation of the 4th Amendment (and is thus an “unreasonable search”) to monitor a US citizen’s phone conversation without a warrant being issued.
This is the gravest crisis in American history excepting only our birth and our civil war. The president is not above the law; his action by spying on US citizens with no warrant removes at a stroke the linchpin of Federal and State Judicial Branch protections. We will need to move the very machinery of the law to prevent Bush from reaching his goal: a “christian” corporate despotism while casting himself as Big Bother. Call in every favor ever owed you from anybody powerful, print out your thoughts about this and make “Arrest the Police State” signs, and mail these to your representatives. Hundreds of thousands of us need to speak out right now in defense of law and Constitution, this very week.. and fight this out. This is it folks, it’s us or them.
I know, OK, so I’m repeating myself.
“Arrest the Police State!”
Posted by: the cubist | December 20, 2005 at 04:18
Mike
I think the technology is in a novel approach to data mining, not in the actual eavesdropping equipment. I, like you, just assume the eavesdropping equipment is a given.
The point is we're looking for something whose most alarming aspect is technological. I'm arguing it's a new application of data mining, probably one that real data miners would argue relies on too little data to show meaningful patterns (which gets to ~pockets' comment--data mining itself is not a bad idea, data mining where you impose pattern on ill-chosen data is).
~pockets
I think I was at once too generous and too specific in my guess of the kinds of searches they're doing. My guess is that they're developing a profile. But rather than searching on a specific takeout joint or a specific gym, they're searching on frequent use of takeout food, member of gym, attends mosque with fundamentalist Imam. And finding everyone who meets those criteria and also calls, say, a particular city in Iraq.
Posted by: emptywheel | December 20, 2005 at 07:29
to all, thanks for thoughtful responses. The consensus I'm hearing is that the technology exists to monitor all communications leaving the U.S. simultaneously & red-flag any U.S. phones that call a specific set of overseas numbers and possibly use certain keywords in the conversations themselves (note that this implies "they" are ALREADY eavesdropping on ALL conversations, though possibly they would argue this is in a computerized way and is different than having a human agent review the conversations; Google has made this argument to excuse the way Gmail auto-scans your inbox for keywords in order to pick Google ads to show you).
This is weak data-mining -- it is not really data-mining at all. It is just setting a trap on certain overseas numbers.
If I were going to do this, I would take the phone records of a few hundred known terrorists who had been living in the U.S., and have some software able to scan them for patterns -- frequency of calls, time of day of calls, order of calls -- over many months of data. Then I would search a database of all U.S. calls that basically has the following fields: originating number, destination number, time of day, length of call. For this kind of scan you would want those 4 fields of data for EVERY call made in the U.S. going back a few years. It would be a tremendous dataset and I am inclined to agree that it would take a private contractor to deal with it -- the gov't has not been able to attract the kinds of bright young minds that Google has. But my mind is still boggling over the size of the dataset you'd be searching, and the notion that this information is even collected in a centralized way -- that somewhere in a file cabinet next to Arlo Guthrie's fingerprints is a file drawer with a disk containing a log of every call made in the U.S., who it was to, when it was made, and how long it lasted. A private company wouldn't have the means to collect that data (I don't think) which would mean the U.S. would have needed to start working with the supposed contractor at least a few years ago just to collect the data needed to do this kind of analysis...
on Law & Order (or NYPD Blue) when they say, "dump the guy's phone records" does anyone know where they're dumping them FROM?
Posted by: emptypockets | December 20, 2005 at 08:29
If an extraordinary intelligence capability is an important part of this story, I hope there is a way to keep it secret while ensuring that the Administration is taking proper precautions and receiving necessary oversight.
I can't decide if this is or isn't a large red herring.
Posted by: kim | December 20, 2005 at 09:39
kim
If what I'm arguing is right, then it's not an extraordinary intelligence capability yet.
Data mining works, just like stats works (and on similar principles). But you've got to have an N, a set of data, that is sufficiently large to get a meaningful pattern. And I'm guessing that's the point--that's why this wouldn't pass a FISA review (remember, apparently Able Danger and TIA did pass some reviews, which suggests they're not opposed to data mining in principle). Because you're violating the very concepts that make data mining viable.
Posted by: emptywheel | December 20, 2005 at 10:22
The successor to TIA is MATRIX which is an information exchange system which works at the state level in about ten states. This combined with commercially available databases may have been the data pool for the reverse data mining. My guess is that the subcontracted process looked at broader criteria across decentralized databases and then passed the hits to the NSA proper for monitoring.
Posted by: peanutgallery | December 20, 2005 at 10:52
I saw Poindexter speak on TIA at a conference a year and a half ago, and he as much as said it was not cancelled in toto, but portions at least were moved to the "classified" part of the budget; it sounded as though little changed except for oversight. He did say the bit of TIA regarding privacy protection was defunded but he was "optimistic" it would (eventually) be restored. He was "fired" and went to a private corporation consulting with the government on, well, he couldn't tell us exactly because it was classified, too, but what he could tell us seemed remarkably of a piece with what he'd been doing all along.
Posted by: tigrismus | December 20, 2005 at 11:36
There's been some weird discussion of the need to monitor traffic that originates and terminates outside of the U.S., but transits through the U.S. I find it hard to believe that it would be difficult to get a FISA warrant in that scenario, since the NSA pretty much has free rein on communication outside the U.S. (even involving U.S. citizens). On the other hand, all this talk of new technical capabilities (esp. Graham's comments) makes me think that there is another sort of bamboozlement going on here. Try this tinfoil hat theory on for size. If you think about the "border search" exception to the 4th amendment prohibition of warrantless searches, you could effectively gut the 4th amendment if you had a way of forcing someone's communication to go outside the U.S. Maybe what these bozos are really doing is identifying "suspected terrorists" and then coopting the telcos and isps into routing all their electronic communications outside the U.S., thus allowing the NSA to "legally" search it.
Posted by: William Ockham | December 20, 2005 at 12:50
EW
You are absolutely correct, it's about the patterns that they are trying to match. What is the filter they are using to flag communications of US citizens in the US?
If recent disclosures about the Pentagon and FBI surveillance databases say anything then the pattern matching would have been fairly broad to entrap large sections of Americans perceived to be a threat to the Administration.
They could not get FISA warrants since they did not have probable cause against a specific individual. It was a broad pattern matching expedition on the communications of many US citizens.
Posted by: Mike | December 20, 2005 at 13:22
William
That is an interesting suggestion...
Posted by: emptywheel | December 20, 2005 at 13:37
William,
The answer may be that the communications of US citizens, while out of the country, would go through Fort Meade MD (location of the NSA). According to this Wikipedia article on ECHELON,
Each member of the UKUSA alliance is assigned responsibilities for monitoring different parts of the globe. Canada's main task used to be monitoring northern portions of the former Soviet Union and conducting sweeps of all communications traffic that could be picked up from embassies around the world. In the post-Cold War era, a greater emphasis has been placed on monitoring satellite, radio and cellphone traffic originating from Central and South America, primarily in an effort to track drugs and non-aligned paramilitary groups in the region. The United States, with its vast array of spy satellites and listening posts, monitors most of Latin America, Asia, Asiatic Russia and northern China. Britain listens in on Europe and Russia west of the Urals as well as Africa. Australia hunts for communications originating in Indochina, Indonesia and southern China. New Zealand sweeps the western Pacific.
By Asia I assume they include SW Asia, AKA the Middle East.
Also, I wonder if there are issues regarding the use of cellular and satellite phones? If you're talking on a satphone, your physical location isn't as important as the satellite off which you're sending and receiving the signal.
Maybe I'm completely off-base; I'm still catching up on some of this technology. But there's probably an issue with the fact that you bounce phone signals off multiple towers, you ping emails and ISP at multiple nodes, etc., and these junctures don't necessarily correspond to national borders in a clean way like copper wire networks do. If the idea is to follow these signals where they lead and figure out what's on the receiving end of the signal, regardless of whether there's any strong basis for believing the recipient(s) of calls or emails are associates of a suspected terrorist or terrorist organization, that's a great way to end up with a lot of searches based on thin, dubious evidence and suspicion.
Posted by: DHinMI | December 20, 2005 at 17:39
Someone on another site said that all, or nearly all, e-mails go overseas, but someone else answered that it is largely chance. Maybe William is right that they have somehow routed all conversations overseas so that all can be gathered. Then they go back, if key words are triggered, and look at everything.
EW is right that there is something in here that is scary to Congress and to some of the people who were asked to do it, enough to send them to the NYT.
But another light just went off--someone said contractors? TIA went to the off-budget stuff? Does this tie in with Cunningham and especially Wilkes and his pal? Is that how they did this and got it hidden?
Posted by: Mimikatz | December 20, 2005 at 18:34
Well, there's a lot of money in NSA's budget to do this kind of stuff.
And frankly, while I think the Wilkes gig is covert ops in exchange for money to his shell companies, I don't think those covert ops are things that the US would pay for, at least in principle (that is, something that can be hidden within the hidden books). I suspect those covert ops are the ones more closely directed at "the enemies." You know, vegans and gay law students. Or maybe covert ops in Venezuela.
Posted by: emptywheel | December 20, 2005 at 21:27