Sophos Cloud Optix
Up until now, Edward Snowden has revealed the techniques and tools used by the National Security Agency (NSA) in its surveillance activities, but he’s kept the actual content of intercepted messages close to the vest, assuring journalists and the public that his evidence would eventually show that the spy agency pretty much sees all, knows all.
Now, the content is out – or, at least, shared with The Washington Post.
Snowden’s made good on his promises, and months-long analysis done by The Post on 160,000 intercepted messages has provided a blueprint of what the US’s intelligence agencies vacuumed up and from whom.
The takeaway that spawned headlines on Monday: 90% of the account holders found in a large cache of intercepted conversations that Snowden handed over, in full, to The Post weren’t intended targets of surveillance but were still swept up in the net cast to catch somebody else.
The NSA’s interception of messages shows laughably feeble attempts to “minimise” the identity of illegally tracked targets (the NSA notes that it was tracking a “US president-elect”, for example; given that we know the date of the intercepted messages, there’s only one man who it could be); interception of (and, occasionally, mocking of) content that’s heart-stirringly intimate; and a slender but undeniably significant slice of legally snared conversations – including the unveiling of a new nuclear project – that has to be weighed against the otherwise outrageous scale of privacy invasion.
The Post looked over a cache that consists of 160,000 intercepted email and instant-messaging conversations, plus 7,900 documents taken from more than 11,000 online accounts, all dating to President Obama’s first term, from 2009 to 2012.
The Post says that the materials paint a vivid picture of the landscape ushered in by Section 702 of the Foreign Intelligence Surveillance Act (FISA) amendments [PDF].
Section 702 rubberstamped the ongoing, illegal mass spying on domestic communications that began after 9/11, during the Bush administration.
In 2008, Section 702 was added to the pre-existing FISA, amending it so as to allow the NSA to work with telecoms to copy, scan and filter internet and phone traffic coming through physical infrastructure – a program code-named Upstream that snatches data as it crosses the US junctions of global voice and data networks.
Section 702 also covered collection orders, including PRISM, directed at specific companies to compel them to hand over content (as long as it’s “targeted” mostly at foreigners).
Through PRISM, US intelligence has been able to get its hands on content stored in user accounts at Yahoo, Microsoft, Facebook, Google and five other leading internet companies.
Regardless of whether intercepted content comes from PRISM, Upstream or other warrantless searches, it’s all copied and dumped into a searchable database.
Enter Edward Snowden.
He searched it, he copied it, he handed it over to The Post, and here are some of the things that the newspaper says it subsequently came across in that deep data store:
- Medical records sent from one family member to another;
- Résumés from job hunters;
- Academic transcripts of schoolchildren;
- Photos of: a young girl in religious dress beaming at a camera outside a mosque; of infants and toddlers in bathtubs, on swings, sprawled on their backs and being kissed by their mothers; of men flexing their muscles; and of women modeling lingerie, leaning suggestively into a webcam or striking risque poses;
- A suspected kidnapper, newly arrived in Syria before the civil war, begging for a job as a janitor and expressing surprise at how scantily clad were the women on local beaches.
In fact, much of the captured communications have a “startlingly intimate, even voyeuristic quality”, The Post says, telling stories of “love and heartbreak, illicit sexual liaisons, mental-health crises, political and religious conversions, financial anxieties and disappointed hopes”.
As The Post reports, 90% of these intercepted conversations were from people who wouldn’t lawfully qualify as targets – in other words, the NSA wouldn’t be able to state a reasonable belief that the individuals had information of value about a foreign government, a terrorist organisation or the spread of nonconventional weapons.
The law requires the NSA to legally target only foreign nationals located overseas, unless it gets a warrant based on probable cause from a special surveillance court.
But while 9 out of 10 surveillance subjects were innocent internet users, that still leaves 1 out of 10 who were anything but that.
For example, in the documents revealed by Snowden, one analyst made fun of the scandalised, would-be janitor and suspected kidnapper.
He may have been mocked, but that suspected kidnapper is just one example pointing to dangerous or potentially dangerous individuals who were legally spied upon – 10% of whom provided solid intelligence of serious security threats.
To avoid interfering with ongoing operations, the CIA asked The Post to refrain from giving details about the most valuable intercepted content it analysed.
But this is the gist of the most crucial intelligence:
- Fresh revelations about a secret overseas nuclear project,
- double-dealing by an ostensible ally,
- a military calamity that befell an unfriendly power, and
- the identities of aggressive intruders into US computer networks.
And while The Post refrained from giving details on ongoing investigations, it did point to the successful capture of two suspected terrorists as a direct result of months of tracking communications across more than 50 alias accounts.
One was the 2011 capture of Pakistani bomb-builder Muhammad Tahir Shahzad, and the other was the capture of Umar Patek, who was sentenced to 20 years in jail for a 2002 terrorist bombing on the Indonesian island of Bali that killed more than 200 people.
NSA defenders are pointing to such arrests as being confirmation of its surveillance programs.
From PowerLine’s Paul Mirengoff:
[The Post succeeds] only in confirming the value of the NSA’s practice in combating the threat to our safety posed by terrorists.
Leftists like Glenn Greenwald have persistently maintained that NSA’s electronic spying is basically worthless in countering terrorism. This claim was always absurd on its face, and the Post's story debunks it.
Regarding the 9 out of 10 innocents caught in the net, Mirengoff echoes what the Obama administration had to say when it shrugged off The Post’s article: it’s “unavoidable, rather than surprising”.
Robert Litt, the general counsel to the director of national intelligence, on Sunday told the New York Times that The Post didn’t disclose anything new:
These reports simply discuss the kind of incidental interception of communications that we have always said takes place under Section 702.
We target only valid foreign intelligence targets under that authority, and the most that you could conclude from these news reports is that each valid foreign intelligence target talks to an average of nine people.
But how long does the NSA retain the email and phone conversations of innocents that it’s swept up, and how well does it safeguard that content?
Snowden was a mere contractor, but he was still able to deeply probe that material, having the power, as he says, to find a senator’s email just by typing in a few search terms on XKeyscore, the NSA’s intelligence searching and analysis tool.
Material described by analysts themselves as being useless is nonetheless kept hanging around.
Even if that material seems harmless now, there’s no telling how it could come back to haunt us, as Snowden told The Post:
Even if one could conceivably justify the initial, inadvertent interception of baby pictures and love letters of innocent bystanders, their continued storage in government databases is both troubling and dangerous. Who knows how that information will be used in the future?
Yes, the 1 out of 10 real threats can be used to justify the existence of the NSA programs.
But fully? Completely? Unreservedly? If not, to what extent?
Do the intelligence successes detailed in The Post’s report completely counterbalance the 9 out of 10 innocent people whose privacy is not only violated illegally but continuously, given the government’s retention of data?
How do we assess the tradeoff of privacy for captured terrorists and foiled security plots?
I don’t know how to do that difficult math. Do you?
Image of mosaic of eyes courtesy of Shutterstock.
They have not stopped any terrorist attacks with this activity. Where is the list of foiled terrorist plots? Of course, they can’t tell us – what BS! The Patriot Act is unconstitutional and should be repealed.
Love your blog. Love that this debate is happening. I have a couple of points – you keep using the term “illegal”. I’m not sure that applies in any of these cases. Immoral, possibly, but not necessarily illegal since of the 30,000 employees, none have been indicted (and yes, federal prosecutors have high enough security clearance to see this stuff).
Next – keeping the content around. Of the 9 people who are not targets now, would you make the decision as an analyst to remove all data concerning someone who has a link (however tenable) to a target? An analyst decides that a picture of someone’s dog is innocuous for their operation. What about other operations? New forms of steg. are created all the time. Would you make the call to delete the data? Should NSA now have more resources given to them with the task of “cleaning out old data”?
I definitely get your point about the use of the term “illegal”. There have been no indictments, you’re right.
But the laws restrict surveillance of US persons without probable cause. When The Post labels the 90% of searches as being “iillegal”, that conclusion comes after analysing not only the primary conversations but also the notes from intelligence analysts, who themselves sometimes noted that the intelligence being collected was “useless”.
For example, one analyst was hanging out in a chat room to spy on a specific, legitimate target, but she also amassed conversational threads of the entire 36 individuals in the room.
In such cases, like I said, the NSA wouldn’t be able to state a reasonable belief that the individuals had information of value about a foreign government, a terrorist organisation or the spread of nonconventional weapons.
If that’s not, strictly, illegal, I’m not sure what other word to swap in, but I’m open to suggestions.
If they just start automatically deleting mail with pictures of women modeling lingerie, terrorists will start communicating using steganography in pictures of women modeling lingerie. I don’t know the right answer to this, and neither does the U.S. government, it seems.
9 out of 10?
Innocent members of the public having their privacy intruded on and their information illegally gathered?
Sorry, but no. That’s a flagrant abuse of power. Surely with all their magical all-watching technological powers, they could work out how to intercept the data of actual, viable targets/threats specifically? Rather than having a laugh at some guy showing his junk on a webcam?
Sure, random members of the public could watch people through their webcams or whatever with the right know how but this is powerful authority collecting all this data.
You may trust those in power now with sort of ability. Who is going to be running the show 20, 50 years from now and what are they going to do with this power when your kids have been desensitized to these intrusions?
It is far better to let criminals get away than it is to stomp on the freedoms of the innocent because “the end justifies the means.”
Terrorism isn’t as big a threat as it is being made out to be but it sure as heck is a great tool for governments to use to centralize power. Long live the forever war right? Wake up people and move the power back into the hands of the people and reign in these govt organizations.
“It is far better to let criminals get away than it is to stomp on the freedoms of the innocent because “the end justifies the means.””
Tell me that again when one of those criminals they let get away murders your family.
IMHO, I think the NSA should automatically delete all information of innocent people netting during investigations a year after it is flagged as “not part of investigation”. I gave a year so that the investigators can go back to search the info if two or more investigations cross paths.
I would be interested in who the double-dealing ostensible ally is.
I think you’re misreading the report. One of the examples given is between a bomber and his girlfriend. It’s correct that the girlfriend isn’t a legal target of an investigation, but that doesn’t mean that intercepting her communications with a known terrorist is illegal. I would guess that even in mundane non-NSL wiretaps 90% of the communications involves persons who aren’t suspects.
I will note that I think this report was the most damning Greenwald has released, but for a completely different reason. The rest of the reports showed that Snowden had managed to get enough access to know about the existence of these top secret programs. This one shows that the NSA’s internal security is bad enough that he managed to actually get personal information on subjects who were not the target of an investigation and who he presumably had no legitimate reason to be investigating.
I’m curious as to the next step – will they plant bugs in random houses – or maybe move a plain clothes cop ito everyone’s home to gather even more ‘intelligence’
To be honest, the activities of NSA and GCHQ aee that well known that no terrorist with half a brain cell is going to use e-mails because he knows they will be snooped.
I’ve a feeling the scenario is now ‘if you can’t actually find a threat, invent one and keep your job’