Poppsikle blog

Month: February, 2014

Francis Jeffrey: President’s Review Group Finds Biggest NSA Program 100% Wasteful and Hazardous to National Security

Dear Colleagues,

I finally had a chance to read—

LIBERTY  AND  SECURITY IN  A  CHANGING  WORLD:
Report and Recommendations of The President’s Review Group on Intelligence and Communications Technologies  { file:  2013-12-12_rg_final_report }*

–and recount here, following, the portions that seemed most pertinent to the issues I’ve expressed concern over and interest in addressing via the software, “stochastic” & “human factors” paradigms.  (In other words:  pulling signals out of noise via targeted sampling constrained by budget, etc.;  and, pattern recognition that results in patterns recognizable to typical humans.)    The relative efficacy of “Section 215”  and  “Section 702”  are touched-on herein. *+*  {my letter footnotes are at bottom of this document file.}

Herein, attached following, I highlight the key lines.

Best Regards,

Francis Jeffrey

______________________

{Note: The following are direct text copies from the published .PDF but I have inserted the page references in parentheses, dotted ellipses & curvy brackets containing my comments and “f/n” number citation to the original document’s own footnotes, for clarity’s sake.  Throughout, “section 215” refers to telephony metadata aggregation.  The asterisks and crosses refer to my own, added footnotes at the bottom of this letter}  **

The President’s Review Group writes: Although NSA maintained that, upon learning of these noncompliance incidents, it had taken remedial measures to prevent them from recurring, Judge Walton rejected the government’s argument that, in light of these measures, “the Court need not take any further remedial action.”  Because it had become apparent that NSA’s data accessing technologies and practices were never adequately designed to comply with the governing minimization procedures, NSA Director General Keith Alexander conceded that “there was no single person who had a complete understanding of the  [section 215]  FISA system architecture.”  {f/n.104} (p 106)

{…}

PRG: NSA believes that on at least a few occasions, information derived from the section 215 bulk telephony meta-data program has contributed to its efforts to prevent possible terrorist attacks, either in the United States or  somewhere else in the world. More often, negative results from section 215  queries have helped to alleviate concern that particular terrorist suspects are in contact with co-conspirators in the United States.  Our review suggests that the information contributed to terrorist investigations by the use of section 215 telephony meta-data was not essential to preventing attacks and could readily have been obtained in a timely manner using conventional section 215 orders.{**}   Moreover, there is reason for caution about the view that the program is efficacious in alleviating concern about possible terrorist connections, given the fact that the meta-data captured by the program covers only a portion of the records of only a few telephone service providers.  {++} (p.104)

{…}

PRG: Third, one might argue that, despite these concerns, the hypothetical mass collection of personal information would make it easier for the government to protect the nation from terrorism, and it should therefore be permitted. We take this argument seriously. But even if the premise is true, the conclusion does not necessarily follow.  Every limitation on the government’s ability to monitor our conduct makes it more difficult for the government to prevent bad things from happening. As our risk management principle suggests,  the question is not whether granting the government authority makes us incrementally safer, but whether the additional safety is worth the sacrifice in terms of individual privacy, personal liberty, and public trust. (p.114)
{para. refs. implicitly:  f/n.113–Church Committee Report at 778 (April 1976).}

{…}

PRG: There are two distinctions between the hypothetical and actual versions of section 215.   First, the total amount of data collected and retained in the hypothetical version of section 215 is much greater than the total amount of data collected and retained in the actual version. This means that the possible harm caused by the collection and the possible benefit derived from the collection are both reduced. Everything else being equal, this suggests that the balance between costs and benefits is unchanged.  {f/n.114}

{…}

{footnote here:}

PRG: 114 — It is possible, of course, for the government carefully to target its collection and retention of data in a way that maximizes the benefit and minimizes the cost, thereby substantially altering the balance of costs and benefits.  But there is  no reason to believe  that this describes the decision to collect bulk telephony  meta-data, in particular. (p.116)

{…}

PRG: We recognize that there might be problems in querying multiple, privately held data bases simultaneously and expeditiously. In our view, however, it is likely that those problems can be significantly reduced by creative engineering approaches. (p. 118)

{…}

{Conclusion is hidden in footnote here extending over bottoms of p.119–p.120:}

PRG: It is noteworthy that the section 215 telephony meta-data program has made only a modest contribution to the nation’s security. It is useful to compare it, for example, to the section 702 program, which we discuss in the next Part of our Report. Whereas collection under section 702 has produced significant information in many, perhaps most, of the 54 situations in which signals intelligence has contributed to the prevention of terrorist attacks  since 2007, section 215 has generated relevant information in only a small number of cases, and there has been no instance in which NSA could say with confidence that the outcome would have been different without the section 215 telephony meta-data program. Moreover, now that the existence of the program has been disclosed publicly, we suspect that it is likely to be less useful still.

{end of f/n that extends across the bottoms of p.119–p.120}

PRG: C. September 11 and its Aftermath

The September 11 attacks were a vivid demonstration of the need for detailed information about the activities of potential terrorists. This was so for several reasons.

First, some information, which could have been useful, was not collected and other information, which could have helped to prevent the attacks, was not shared among departments. 

Second, the scale of damage that 21st-century terrorists can inflict is far greater than anything that their predecessors could have imagined. {…} (p.71)

– – – – – – –

* Source:
LIBERTY AND SECURITY IN A CHANGING WORLD
Report and Recommendations of The President’s Review Group on Intelligence and Communications Technologies
{ 2013-12-12_rg_final_report }
Executive Office of the President
Washington, DC, 12 Dec. 2013

whitehouse.gov/sites/default/files/docs/2013-12-12_rg_final_report.pdf

**Note: Bold emphasis added. In all of the above excerpts except one, “section 215” refers to the automated telephony metadata aggregation program, citing to the section number in the Patriot Act, now codified at 50 U.S.C. § 1861. The exception is “conventional section 215 orders” (on p.104) – viz: individualized orders to collect data, which were the apparent & original intent of that law. Underline emphasis added.

*+* The most obvious (& publicly disclosed) design defects and legal defects in the “Sec. 702” programs will be treated in a subsequent letter.—FJ 12.Feb.2014

++ On p.104, the hazard subtly alluded to is that “alleviating concern” this way is likely to amount to FALSE NEGATIVES, causing real threats to be discounted !

The Roots of the Problem. Francis Jeffrey on Internet development, DARPA, the early NSA and what happened next

How it all began. Government Contractors & Bureaucracy

The government buys lots of goods & services (“contractors”) who push whatever they have to offer.  The government also promotes and nourishes certain developments (for example, DARPA & university research grants). The bureaucracy (for example, Pentagon) is full of people with certain career specialties, and assigned certain tasks.

Who is guarding the People?

Congress is elected largely using money from contractors who supply goods and services to the government. So not only are the wolves guarding the chickens, but also the eggs. (and no one knows which actually came first!)

DARPA

Remember when I worked for DARPA in the 1970s, we were developing the Internet (then called DARPA-NET & NSF-NET) because it was thought to be a communication method that (a) would survive a war [the parallel “.mil” side of it], and (b) accelerate the pace of collaboration among government, university & industry. I don’t really know whether anyone at that point was contemplating its potential for “data mining”, or even the prospect that it would become a public communication and mass-media system.

The Early NSA

What NSA was thinking in those days is largely documented in a book, “The Puzzle Palace,” which they tried to suppress AFTER it was published. SIGINT in those days seemed to be mostly about interpreting messages picked-out from telephone and radio signals. This required lots of translators (human) and s/w that scanned signals for “key words”. They had “listening posts” all over the world, but the domestic nexus seemed to be “telephone exchanges”, which in the 1960s & 70s were being computerized (UNIX operating system, developed by AT&T Bell Labs).

9/11-fueled Acceleration

The NSA was focused on their SIGINT contribution to (real) military intelligence and counter-intel, with the identified threats being the USSR, etc. While there were some low-key “NSA snooping scandals” in the 1970s & 80s, I think they really got messed up in the 2nd Bush administration, and the way it played the “9/11” catastrophe to its own advantage. Suddenly there was a permanent enemy and a permanent state of war — just as George Orwell envisioned.  So the Constitution was abandoned, and money flowed to anyone who was well-connected and seemed to offer a piece of the technology puzzle.

Change that needs to happen

We’d like all this current commotion to result in restoring the Constitution, reinforcing private ownership of our own data and bio-data, and a national SIGINT system that is focused, effective and efficient for its primary and stated purpose (i.e., REAL mil. intel & counter-spy ops). I would be for certain additional functions that are carefully and narrowly defined, only:  AGAINST human trafficking, abduction, torture, murder-for-hire and large-scale international organized crime that corrupts governments or traffics in (specifically) nuclear, biological or nanotech weapons.

– Francis Jeffrey

See also: Lets Solve the Problem of Restoring Internet Privacy! Francis Jeffrey on How to do it

https://poppsikle.wordpress.com/2014/01/27/lets-solve-the-problem-of-restoring-internet-privacy-francis-jeffrey-on-how-to-do-it-2/
