Sunday, June 16, 2013

NSA's domestic programs

Fascinating piece by Barton Gellman in today's Washington Post looking at NSA's domestic monitoring programs and how they have evolved since 2001 ("U.S. surveillance architecture includes collection of revealing Internet, phone metadata," Washington Post, 16 June 2013).

The article identifies four major programs related to domestic monitoring in the United States:
  • MAINWAY, which collects the telephone metadata of people in the United States. The collected data reportedly include "phone numbers dialed and length of call but not call content, caller identity or location information". According to the U.S. government the data may be "queried" only when there is "reasonable suspicion" that "an identifier is associated with specific foreign terrorist organizations". The government statement does not specify whether the data are also subjected to computerized network analysis in order to help determine "identifiers" that may be associated with those organizations.
  • MARINA, which collects internet metadata. According to the Washington Post, "MARINA and the collection tools that feed it are probably the least known of the NSA’s domestic operations, even among experts who follow the subject closely. Yet they probably capture information about more American citizens than any other, because the volume of e-mail, chats and other Internet communications far exceeds the volume of standard telephone calls. The NSA calls Internet metadata 'digital network information.' Sophisticated analysis of those records can reveal unknown associates of known terrorism suspects."
  • NUCLEON, which intercepts the content of telephone calls. This program reportedly works on a much smaller scale than the first two. It probably only captures the telephone calls of specific individuals who have already been identified as suspects in on-going investigations.
  • PRISM, which accesses internet content (e-mail, chat texts, search histories, Skype data, data stored in "the cloud", etc.) contained in the data stored by major internet services such as Google and Facebook. These data are reportedly also accessed only with respect to specific individuals or perhaps groups of individuals or organizations.
Other programs, such as those that monitor the data streams at various communications choke points, also likely collect data that sometimes include U.S. domestic communications.

As with CSE, extensive privacy rules are in place to govern NSA's operations, but the details of these rules and the exceptions they may contain are secret.

It is interesting to speculate about how closely CSE's operations may parallel those of the NSA. CSE works extremely closely with the NSA, is interested in much the same kinds of information, and shares technology and techniques. At the same time, however, it does operate under a different legal regime. And the policy authorities in Canada may not always share the views of our southern neighbours as to what kinds of activities are either necessary or appropriate.

Still, it would probably be helpful to look closely at the NSA programs when trying to figure out what kinds of activities CSE may be conducting with respect to Canadian communications.

Those looking for an excellent background introduction to the NSA and its current activities should check out Matthew Aid's recent article ("Inside the NSA: Peeling back the curtain on America's intelligence agency," The Independent, 13 June 2013).

[Update 5:20 pm 16 June 2013: More on NSA domestic surveillance and the privacy rules that may or may not be in place (Declan McCullagh, "NSA spying flap extends to contents of U.S. phone calls," CNET, 15 June 2013).]

2 Comments:

Blogger CWC said...

"The Internet" is almost a domestic probram...this story actually has me worried. Dunno why I didn't see it coming. I think *I* trust the Americans to run the show more than anyone else to run it.

http://www.schneier.com/blog/archives/2013/06/blowback_from_t.html

June 17, 2013 5:33 pm  
Blogger Bill Robinson said...

I get the sense that everyone is moving towards the model of collect everything and then govern access through various legal and oversight regimes. The US, Canada, and a few other countries probably will have much better controls than most; in many places there will likely be no safeguards at all. But even in our case an open debate of where to draw the line is essential.

Check out this recent statement by the Chief Technology Officer of the CIA: "It is nearly within our grasp to compute on all human generated information." (Slide 63 here)

June 18, 2013 9:38 am  

Post a Comment

<< Home