Saturday, March 25, 2006

CSE role in hostage hunt?

The Globe and Mail reports (Jeff Sallot, "Free, with help from Canada," Globe and Mail, 24 March 2006) that the Communications Security Establishment was among the agencies involved in the multinational operation that rescued the three members of Christian Peacemaker Teams who were being held hostage in Iraq. JTF 2, the RCMP, CSIS, and the Department of Foreign Affairs are also said to have been involved in the UK-US-Canadian operation. No word on what specific contribution CSE may have made or attempted to make.

Sunday, March 12, 2006

Is network analysis the big secret?

Patrick Radden Keefe (author of Chatter) speculates in the New York Times ("Can Network Theory Thwart Terrorists?", New York Times, 12 March 2006) that the National Security Agency's highly controversial warrantless-eavesdropping program (previously blogged about here) may be using network theory to analyze the nodal points and linkages in communications patterns and thus identify which communications may be of greatest interest to the intelligence community.

Al Queda network"During the last decade," Keefe reports, "mathematicians, physicists and sociologists have advanced the scientific study of networks, identifying surprising commonalities among the ways airlines route their flights, people interact at cocktail parties and crickets synchronize their chirps. In the increasingly popular language of network theory, individuals are 'nodes,' and relationships and interactions form the 'links' binding them together; by mapping those connections, network scientists try to expose patterns that might not otherwise be apparent.... Given the difficulty of identifying elusive terror cells, it was only a matter of time before this new science was discovered by America's spies."

The interesting thing about network analysis—at least in its initial stages—is that it does not require that the actual content of the communications or other connection be analyzed: it is the connection itself that matters. The information that might be collected for analysis with respect to telephone calls, for example, includes such items as the initiating phone number and its physical location, the recipient phone number and its physical location, the time the call was made, and the call's duration. By analyzing the other numbers called by those phones, and the numbers subsequently called by the recipients of those calls, and so on, a whole communications network might be mapped out. Billions of phone calls are made around the world every day. In principle, at least, the SIGINT agencies might be able to determine valuable information about the extent, structure, and operations of the Al Qaeda network (and other SIGINT targets) by collecting and analyzing this information and similar data for faxes, e-mail, text messaging, etc.

I'm a little skeptical about the suggestion that this is a "new science" that the NSA and its counterparts are just discovering. What we're talking about here is a form of traffic analysis (which Keefe, surprisingly, never mentions in his article). I'd always assumed that they were doing a lot of this kind of analysis all along. But maybe I'm just showing my ignorance. In any case, it is certainly true that network theory is an advancing discipline, and the growing insight into the functioning of networks, the improvements that have been taking place in the algorithms available for network analysis, and the ability to integrate non-communications-related information into the analyses may well justify treating this as a new intelligence technique.

NSA use of this technique may account for some of the legal shenanigans of the recent past. As Keefe comments in his article, "the use of such network-based analysis may explain the administration's decision, shortly after 9/11, to circumvent the Foreign Intelligence Surveillance Court" with respect to cross-border communications to or from the United States and domestic communications entirely within the United States. (Communications that are entirely foreign have always been outside the FISA court's remit.) The FISA court, he notes, "grants warrants on a case-by-case basis, authorizing comprehensive surveillance of specific individuals. The N.S.A. program, which enjoys backdoor access to America's major communications switches, appears to do just the opposite: the surveillance is typically much less intrusive than what a FISA warrant would permit, but it involves vast numbers of people."

Traffic analysis, or network analysis if you prefer, is indeed a much less intrusive form of monitoring than wholesale eavesdropping (and a lot more practical given the resource limitations facing even the huge NSA). But it is still possible to harbour efficacy, privacy, and due process concerns about such a program. Reports have suggested that the NSA program generates vast numbers of "false positives", possible links that are in fact meaningless. Following up these phantom links is apparently tying up vast amounts of the FBI's investigative resources, arguably undermining its counterterrorism efforts. In the meantime, the program has been subjecting thousands of entirely innocent people to secret suspicion, possibly with serious consequences for their ability to travel, get sensitive jobs, etc. (see, e.g., Lowell Bergman, Eric Lichtblau, Scott Shane & Don Van Natta Jr., "Spy Agency Data After Sept. 11 Led F.B.I. to Dead Ends," New York Times, 17 January 2006, and Barton Gellman, Dafna Linzer & Carol D. Leonnig, "Surveillance Net Yields Few Suspects," Washington Post, 5 February 2006).

And even if, in the final analysis, the program is both a limited, justifiable invasion of privacy and an effective use of resources, many people (myself included) do not believe that the Bush administration was justified in ignoring U.S. law (or, even worse, concocting a transparently self-serving and positively dangerous fig leaf of legality that essentially asserts unlimited presidential powers) in order to implement it.

Canada demonstrated with the post-9/11 passage of Bill C-36 that it is possible to amend eavesdropping laws, at least with respect to cross-border communications, without unduly tipping off the targets of that eavesdropping. (Unless of course it did tip them off, which I am not aware of anyone claiming.) Extending such operations to include the data-mining of domestic communications, if that actually is what the NSA has been doing, might be a different matter, although there too I suspect changes to eavesdropping laws could have been made in a sufficiently generic way to avoid giving any specific guidance to Al Qaeda communicators. The real concern of the Bush administration was probably that Congress might not have approved such a massive extension of government monitoring.

The cross-border/domestic distinction also raises questions for Canada. Canada's Bill C-36 did not, as far as I can see, create a legal road for CSE to conduct a far-reaching traffic analysis (let alone intercept) program for Canada's domestic communications. Nor, as far as I can tell, does the CSIS Act do so for the Canadian Security Intelligence Service. So what's happening in this country? Did the Canadian government decide that such a program was not justified in Canada (even in the face of what must have been considerable pressure from NSA)? Are we conducting a secret illegal program of our own? I doubt that possibility. Or does the collection of "pen register"-style information, the basic stuff for traffic analysis, not require warrants under Canadian law? I suspect it does these days, but one of the many things I'm not is a lawyer. Interestingly, Bill C-74, which died on the Order Paper last December, explicitly included "related transmission data or other ancillary information" in its definition of "communication", something that the other statutes related to the interception of communications do not do.

Questions, questions.