Saturday, November 30, 2013

Privacy World's November 2013 Newsletter Issue 5Nov

Subject: Privacy World's November 2013 Newsletter Issue 5Nov

> N.S.A. Gathers Data on Social Connections of U.S. Citizens
> WASHINGTON --- Since 2010, the National Security Agency
> been exploiting its huge collections of data to create sophisticated
> graphs of some Americans' social connections that can identify their
> associates, their locations at certain times, their traveling
> companions and other personal information, according to newly
> disclosed documents and interviews with officials.
> The spy agency began allowing the analysis of phone call and e-mail
> logs in November 2010 to examine Americans' networks of associations
> for foreign intelligence purposes after N.S.A. officials lifted
> restrictions on the practice, according to documents provided by
> Edward J. Snowden, the former N.S.A. contractor.
> The policy shift was intended to help the agency "discover and track"
> connections between intelligence targets overseas and people in the
> United States, according to an N.S.A. memorandum from January 2011.
> The agency was authorized to conduct "large-scale graph analysis on
> very large sets of communications metadata without having to check
> foreignness" of every e-mail address, phone number or other
> identifier, the document said. Because of concerns about infringing on
> the privacy of American citizens, the computer analysis of such data
> had previously been permitted only for foreigners.
> The agency can augment the communications data with material from
> public, commercial and other sources, including bank codes, insurance
> information, Facebook profiles, passenger manifests, voter
> registration rolls and GPS location information, as well as property
> records and unspecified tax data, according to the documents. They do
> not indicate any restrictions on the use of such "enrichment" data,
> and several former senior Obama administration officials said the
> agency drew on it for both Americans and foreigners.
> N.S.A. officials declined to say how many Americans have been caught
> up in the effort, including people involved in no wrongdoing. The
> documents do not describe what has resulted from the scrutiny, which
> links phone numbers and e-mails in a "contact chain" tied directly or
> indirectly to a person or organization overseas that is of foreign
> intelligence interest.
> The new disclosures add to the growing body of knowledge in recent
> months about the N.S.A.'s access to and use of private information
> concerning Americans, prompting lawmakers in Washington to call for
> reining in the agency and President Obama to order an examination of
> its surveillance policies. Almost everything about the agency's
> operations is hidden, and the decision to revise the limits concerning
> Americans was made in secret, without review by the nation's
> intelligence court or any public debate. As far back as 2006, a
> Justice Department memo warned of the potential for the "misuse" of
> such information without adequate safeguards.
> An agency spokeswoman, asked about the analyses of Americans' data,
> said, "All data queries must include a foreign intelligence
> justification, period."
> "All of N.S.A.'s work has a foreign intelligence purpose," the
> spokeswoman added. "Our activities are centered on counterterrorism,
> counterproliferation and cybersecurity."
> The legal underpinning of the policy change, she said, was a 1979
> Supreme Court ruling that Americans could have no expectation of
> privacy about what numbers they had called. Based on that ruling, the
> Justice Department and the Pentagon decided that it was permissible to
> create contact chains using Americans' "metadata," which includes the
> timing, location and other details of calls and e-mails, but not their
> content. The agency is not required to seek warrants for the analyses
> from the Foreign Intelligence Surveillance Court.
> N.S.A. officials declined to identify which phone and e-mail databases
> are used to create the social network diagrams, and the documents
> provided by Mr. Snowden do not specify them. The agency did say that
> the large database of Americans' domestic phone call records, which
> was revealed by Mr. Snowden in June and caused bipartisan alarm in
> Washington, was excluded. (N.S.A. officials have previously
> acknowledged that the agency has done limited analysis in that
> database, collected under provisions of thePatriot Act
> <,
> exclusively for people who might be linked to terrorism suspects.)
> But the agency has multiple collection programs and databases, the
> former officials said, adding that the social networking analyses
> relied on both domestic and international metadata. They spoke only on
> the condition of anonymity because the information was classified.
> The concerns in the United States since Mr. Snowden's revelations have
> largely focused on the scope of the agency's collection of the private
> data of Americans and the potential for abuse. But the new documents
> provide a rare window into what the N.S.A. actually does with the
> information it gathers.
> A series of agency PowerPoint presentations and memos describe how the
> N.S.A. has been able to develop software and other tools --- one
> document cited a new generation of programs that "revolutionize" data
> collection and analysis --- to unlock as many secrets about
> individuals as possible.
> The spy agency, led by Gen. Keith B. Alexander, an unabashed advocate
> for more weapons in the hunt for information about the nation's
> adversaries, clearly views its collections of metadata as one of its
> most powerful resources. N.S.A. analysts can exploit that information
> to develop a portrait of an individual, one that is perhaps more
> complete and predictive of behavior than could be obtained by
> listening to phone conversations or reading e-mails, experts say.
> Phone and e-mail logs, for example, allow analysts to identify
> people's friends and associates, detect where they were at a certain
> time, acquire clues to religious or political affiliations, and pick
> up sensitive information like regular calls to a psychiatrist's
> office, late-night messages to an extramarital partner or exchanges
> with a fellow plotter.
> "Metadata can be very revealing," said Orin S. Kerr, a law professor
> at George Washington University. "Knowing things like the number
> someone just dialed or the location of the person's cellphone is going
> to allow them to assemble a picture of what someone is up to. It's the
> digital equivalent of tailing a suspect."
> The N.S.A. had been pushing for more than a decade to obtain the rule
> change allowing the analysis of Americans' phone and e-mail data.
> Intelligence officials had been frustrated that they had to stop when
> a contact chain hit a telephone number or e-mail address believed to
> be used by an American, even though it might yield valuable
> intelligence primarily concerning a foreigner who was overseas,
> according to documents previously disclosed by Mr. Snowden. N.S.A.
> officials also wanted to employ the agency's advanced computer
> analysis tools to sift through its huge databases with much greater
> efficiency.
> The agency had asked for the new power as early as 1999, the documents
> show, but had been initially rebuffed because it was not permitted
> under rules of the Foreign Intelligence Surveillance Court that were
> intended to protect the privacy of Americans.
> A 2009 draft of an N.S.A. inspector general's report suggests that
> contact chaining and analysis may have been done on Americans'
> communications data under the Bush administration's program of
> wiretapping without warrants, which began after the Sept. 11 attacks
> to detect terrorist activities and skirted the existing laws governing
> electronic surveillance.
> In 2006, months after the wiretapping program was disclosed by The New
> York Times
> <,
> the N.S.A.'s acting general counsel wrote a letter to a senior Justice
> Department official, which was also leaked by Mr. Snowden, formally
> asking for permission to perform the analysis on American phone and
> e-mail data. A Justice Department memo to the attorney general noted
> that the "misuse" of such information "could raise serious concerns,"
> and said the N.S.A. promised to impose safeguards, including regular
> audits, on the metadata program. In 2008, the Bush administration gave
> its approval.
> A new policy that year, detailed in "Defense Supplemental Procedures
> Governing Communications Metadata Analysis," authorized by Defense
> Secretary Robert M. Gates and Attorney General Michael B. Mukasey,
> said that since the Supreme Court had ruled that metadata was not
> constitutionally protected, N.S.A. analysts could use such information
> "without regard to the nationality or location of the communicants,"
> according to an internal N.S.A. description of the policy.
> After that decision, which was previously reported by The Guardian,
> the N.S.A. performed the social network graphing in a pilot project
> for 1 ½ years "to great benefit," according to the 2011 memo. It was
> put in place in November 2010 in "Sigint Management Directive 424"
> (sigint refers to signals intelligence).
> In the 2011 memo explaining the shift, N.S.A. analysts were told that
> they could trace the contacts of Americans as long as they cited a
> foreign intelligence justification. That could include anything from
> ties to terrorism, weapons proliferation or international drug
> smuggling to spying on conversations of foreign politicians, business
> figures or activists.
> Analysts were warned to follow existing "minimization rules," which
> prohibit the N.S.A. from sharing with other agencies names and other
> details of Americans whose communications are collected, unless they
> are necessary to understand foreign intelligence reports or there is
> evidence of a crime. The agency is required to obtain a warrant from
> the intelligence court to target a "U.S. person" --- a citizen or
> legal resident --- for actual eavesdropping.
> The N.S.A. documents show that one of the main tools used for chaining
> phone numbers and e-mail addresses has the code name Mainway. It is a
> repository into which vast amounts of data flow daily from the
> agency's fiber-optic cables, corporate partners and foreign computer
> networks that have been hacked.
> The documents show that significant amounts of information from the
> United States go into Mainway. An internal N.S.A. bulletin, for
> example, noted that in 2011 Mainway was taking in 700 million phone
> records per day. In August 2011, it began receiving an additional 1.1
> billion cellphone records daily from an unnamed American service
> provider under Section 702 of the 2008 FISA Amendments Act, which
> allows for the collection of the data of Americans if at least one end
> of the communication is believed to be foreign.
> The overall volume of metadata collected by the N.S.A. is reflected in
> the agency's secret 2013 budget request to Congress. The budget
> document, disclosed by Mr. Snowden, shows that the agency is pouring
> money and manpower into creating a metadata repository capable of
> taking in 20 billion "record events" daily and making them available
> to N.S.A. analysts within 60 minutes.
> The spending includes support for the "Enterprise Knowledge System,"
> which has a $394 million multiyear budget and is designed to "rapidly
> discover and correlate complex relationships and patterns across
> diverse data sources on a massive scale," according to a 2008
> document. The data is automatically computed to speed queries and
> discover new targets for surveillance.
> A top-secret document titled "Better Person Centric Analysis"
> describes how the agency looks for 94 "entity types," including phone
> numbers, e-mail addresses and IP addresses. In addition, the N.S.A.
> correlates 164 "relationship types" to build social networks and what
> the agency calls "community of interest" profiles, using queries like
> "travelsWith, hasFather, sentForumMessage, employs."
> A 2009 PowerPoint presentation provided more examples of data sources
> available in the "enrichment" process, including location-based
> services like GPS and TomTom, online social networks, billing records
> and bank codes for transactions in the United States and overseas.
> At a Senate Intelligence Committee hearing on Thursday, General
> Alexander was asked if the agency ever collected or planned to collect
> bulk records about Americans' locations based on cellphone tower data.
> He replied that it was not doing so as part of the call log program
> authorized by the Patriot Act, but said a fuller response would be
> classified.
> If the N.S.A. does not immediately use the phone and e-mail logging
> data of an American, it can be stored for later use, at least under
> certain circumstances, according to several documents.
> One 2011 memo, for example, said that after a court ruling narrowed
> the scope of the agency's collection, the data in question was "being
> buffered for possible ingest" later. A year earlier, an internal
> briefing paper from the N.S.A. Office of Legal Counsel showed that the
> agency was allowed to collect and retain raw traffic, which includes
> both metadata and content, about "U.S. persons" for up to five years
> online and for an additional 10 years offline for "historical searches."
> The above article by James Risen
> Until next issue, stay cool and remain low profile!
> Privacy World
> A Note from your publisher: Sick and tired of your government
> tricking you? Then "Get Your Money Out of Your Country Before
> Your Country gets Your Money Out of You!" For less than the
> cost of a couple of soda's per day, you can obtain a totally
> anonymous bank account with an ATM card. Just e-mail for details
> and place "Anonymous" bank account in the
> subject heading!
> -----------------------------------------------------------------------------
> To subscribe,   send a blank message to
> To unsubscribe, send a blank message to
> To change your email address, send a message to
>    with your old address in the Subject: line
> To contact the list owner, send your message to
> Privacy World, 502 Hotta-kata, 3-6-10 Hirusaido, Kagurazaka, Shinjyuku-ku,
> Tokyo Japan


No comments: