Do you remember when, at Def Con 20, Dark Tangent, aka Jeff Moss, asked NSA Chief General Keith Alexander about the agency keeping dossiers on Americans? Alexander denied it before adding, "Anybody who tells you we're keeping files or dossiers on the American people knows that's not true." But is a sophisticated social graph not a file? The New York Times revealed that, since 2010, the NSA has been secretly mapping "some Americans' social connections that can identify their associates, their locations at certain times, their traveling companions and other personal information."
According to NSA documents obtained from Edward Snowden, the New York Times reported, "The agency can augment the communications data with material from public, commercial and other sources, including bank codes, insurance information, Facebook profiles, passenger manifests, voter registration rolls and GPS location information, as well as property records and unspecified tax data, according to the documents."
The leaked NSA documents indicate that "the spy agency began allowing the analysis of phone call and email logs in November 2010 to examine Americans' networks of associations for foreign intelligence purposes after NSA officials lifted restrictions on the practice." According to a January 2011 NSA memorandum, there was a policy shift that allowed the agency to "discover and track" connections between Americans and intelligence targets overseas. "The agency was authorized to conduct 'large-scale graph analysis on very large sets of communications metadata without having to check foreignness' of every email address, phone number or other identifier."
Phone and email logs, for example, allow analysts to identify people's friends and associates, detect where they were at a certain time, acquire clues to religious or political affiliations, and pick up sensitive information like regular calls to a psychiatrist's office, late-night messages to an extramarital partner or exchanges with a fellow plotter.
How can the agency get away with it? According to an NSA spokesperson, "All data queries must include a foreign intelligence justification, period." NSA officials would not say how many Americans "involved in no wrongdoing" were also having their social connections mapped. The NSA's policy change was based on "a 1979 Supreme Court ruling that Americans could have no expectation of privacy about what numbers they had called."
Based on that ruling, the Justice Department and the Pentagon decided that it was permissible to create contact chains using Americans' "metadata," which includes the timing, location and other details of calls and emails, but not their content. The agency is not required to seek warrants for the analyses from the Foreign Intelligence Surveillance Court.
Citing NSA documents, the Times described an NSA "tool" called Mainway that "was taking in 700 million phone records per day" in 2011 and was being "used for chaining phone numbers and email addresses;" but by "August 2011, it began receiving an additional 1.1 billion cellphone records daily from an unnamed American service provider."
Another top-secret NSA document reveals how the agency maps its targets' connections by looking for 94 "entity types," such as email addresses, IP addresses and phone numbers. Those are correlated with 164 "relationship types" to "build social networks and what the agency calls 'community of interest' profiles, using queries like 'travelsWith, hasFather, sentForumMessage, employs'."
Regarding these newest NSA spying revelations, ACLU Deputy Legal Director Jameel Jaffer said:
"This report confirms what whistleblowers have been saying for years: the NSA has been monitoring virtually every aspect of Americans' lives - their communications, their associations, even their locations. The NSA apparently believes it can conduct this surveillance because 30 years ago the Supreme Court upheld the government's warrantless collection of basic information about a criminal suspect's telephone calls over the course of a single day. But the claim that this narrow case from the analog era authorizes the mass surveillance of hundreds of millions of Americans is outlandish. That the NSA's surveillance activities rest on so flimsy a foundation is further evidence that our intelligence-oversight system is utterly broken."
This is yet another example of how the NSA does keep 'dossiers' or 'files' on Americans, despite NSA Chief Alexander's denial: "No, we don't. Absolutely not."
Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. Smith has a diverse background in information technology, programming, web development, IT consulting, and information security. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.
Smith is an independent contractor and is not affiliated with any vendor that makes or sells information technology.