Francis Jeffrey: President’s Review Group Finds Biggest NSA Program 100% Wasteful and Hazardous to National Security

by poppsikle

Image

Dear Colleagues,

I finally had a chance to read—

LIBERTY  AND  SECURITY IN  A  CHANGING  WORLD:
Report and Recommendations of The President’s Review Group on Intelligence and Communications Technologies  { file:  2013-12-12_rg_final_report }*

–and recount here, following, the portions that seemed most pertinent to the issues I’ve expressed concern over and interest in addressing via the software, “stochastic” & “human factors” paradigms.  (In other words:  pulling signals out of noise via targeted sampling constrained by budget, etc.;  and, pattern recognition that results in patterns recognizable to typical humans.)    The relative efficacy of “Section 215”  and  “Section 702”  are touched-on herein. *+*  {my letter footnotes are at bottom of this document file.}

Herein, attached following, I highlight the key lines.

Best Regards,

Francis Jeffrey

______________________

{Note: The following are direct text copies from the published .PDF but I have inserted the page references in parentheses, dotted ellipses & curvy brackets containing my comments and  “f/n” number citation to the original documents own footnotes,  for clarity sake.  Throughout, “section 215” refers to telephony metadata aggregation.  The asterisks and crosses refer to my own, added footnotes at the bottom of this letter}  **

The President’s Review Group writes: Although NSA maintained that, upon learning of these noncompliance incidents, it had taken remedial measures to prevent them from recurring, Judge Walton rejected the government’s argument that, in light of these measures, “the Court need not take any further remedial action.”  Because it had become apparent that NSA’s data accessing technologies and practices were never adequately designed to comply with the governing minimization procedures, NSA Director General Keith Alexander conceded that “there was no single person who had a complete understanding of the  [section 215]  FISA system architecture.”  {f/n.104} (p 106)

{…}

PRG: NSA believes that on at least a few occasions, information derived from the section 215 bulk telephony meta-data program has contributed to its efforts to prevent possible terrorist attacks, either in the United States or  somewhere else in the world. More often, negative results from section 215  queries have helped to alleviate concern that particular terrorist suspects are in contact with co-conspirators in the United States.  Our review suggests that the information contributed to terrorist investigations by the use of section 215 telephony meta-data was not essential to preventing attacks and could readily have been obtained in a timely manner using conventional section 215 orders.{**}   Moreover, there is reason for caution about the view that the program is efficacious in alleviating concern about possible terrorist connections, given the fact that the meta-data captured by the program covers only a portion of the records of only a few telephone service providers.  {++} (p.104)

{…}

PRG: Third, one might argue that, despite these concerns, the hypothetical mass collection of personal information would make it easier for the government to protect the nation from terrorism, and it should therefore be permitted. We take this argument seriously. But even if the premise is true, the conclusion does not necessarily follow.  Every limitation on the government’s ability to monitor our conduct makes it more difficult for the government to prevent bad things from happening. As our risk management principle suggests,  the question is not whether granting the government authority makes us incrementally safer, but whether the additional safety is worth the sacrifice in terms of individual privacy, personal liberty, and public trust. (p.114)
{para. refs. implicitly:  f/n.113–Church Committee Report at 778 (April 1976).}

{…}

PRG: There are two distinctions between the hypothetical and actual versions of section 215.   First, the total amount of data collected and retained in the hypothetical version of section 215 is much greater than the total amount of data collected and retained in the actual version. This means that the possible harm caused by the collection and the possible benefit derived from the collection are both reduced. Everything else being equal, this suggests that the balance between costs and benefits is unchanged.  {f/n.114}

{…}

{footnote here:}

PRG: 114 — It is possible, of course, for the government carefully to target its collection and retention of data in a way that maximizes the benefit and minimizes the cost, thereby substantially altering the balance of costs and benefits.  But there is  no reason to believe  that this describes the decision to collect bulk telephony  meta-data, in particular. (p.116)

{…}

PRG: We recognize that there might be problems in querying multiple, privately held data bases simultaneously and expeditiously. In our view, however, it is likely that those problems can be significantly reduced by creative engineering approaches. (p. 118)

{…}

{Conclusion is hidden in footnote here extending over bottoms of p.119–p.120:}

PRG: It is noteworthy that the section 215 telephony meta-data program has made only a modest contribution to the nation’s security. It is useful to compare it, for example, to the section 702 program, which we discuss in the next Part of our Report. Whereas collection under section 702 has produced significant information in many, perhaps most, of the 54 situations in which signals intelligence has contributed to the prevention of terrorist attacks  since 2007, section 215 has generated relevant information in only a small number of cases, and there has been no instance in which NSA could say with confidence that the outcome would have been different without the section 215 telephony meta-data program. Moreover, now that the existence of the program has been disclosed publicly, we suspect that it is likely to be less useful still.

{end of f/n that extends across the bottoms of p.119–p.120}

PRG: C. September 11 and its Aftermath

The September 11 attacks were a vivid demonstration of the need for detailed information about the activities of potential terrorists. This was so for several reasons.

First, some information, which could have been useful, was not collected and other information, which could have helped to prevent the attacks, was not shared among departments. 

Second, the scale of damage that 21st-century terrorists can inflict is far greater than anything that their predecessors could have imagined. {…} (p.71)

– – – – – – –

* Source:
LIBERTY AND SECURITY IN A CHANGING WORLD
Report and Recommendations ofThe President’s Review Group on Intelligence and Communications Technologies
{ 2013-12-12_rg_final_report }
Executive Office of the President
Washington, DC, 12 Dec. 2013

whitehouse.gov/sites/default/files/docs/2013-12-12_rg_final_report.pdf

**Note: Bold emphasis added. In all of the above excerpts except one, “section 215” refers to the automated telephony metadata aggregation program, citing to the section number in the Patriot Act, now codified at 50 U.S.C. § 1861. The exception is “conventional section 215 orders” (on p.104) – viz: individualized orders to collect data, which were the apparent & original intent of that law. Underline emphasis added.

*+* The most obvious (& publicly disclosed) design defects and legal defects in the “Sec. 702” programs will be treated in a subsequent letter.—FJ 12.Feb.2014

++ On p.104, the hazard subtly alluded to is that “alleviating concern” this way is likely to amount to FALSE NEGATIVES, causing real threats to be discounted !

Advertisements