Thursday, 1 August 2013

U.S. Outlines N.S.A.’s Culling of Data for All Domestic Calls

Together, the new round of disclosures shed even more light on the scope of the United States government’s secret surveillance programs, which have been dragged into public view and debate by leaks from the former N.S.A. contractor Edward J. Snowden.

The Office of the Director of National Intelligence released the newly declassified documents related to the domestic phone logging program at the start of a Senate Judiciary Committee hearing on the topic. Simultaneously, The Guardian published a still-classified 32-page presentation leaked by Mr. Snowden that describes the N.S.A.'s XKeyscore program, which mines Internet browsing information that the agency is apparently vacuuming up at 150 network sites around the world.

The documents released by the government, meanwhile, include an April ruling by the Foreign Intelligence Surveillance Court that supported a secondary order — also leaked by Mr. Snowden — requiring a Verizon subsidiary to turn over all of its customers’ phone logs for a three-month period.

It said the government may access the logs only when an executive branch official determines that there are “facts giving rise to a reasonable, articulable suspicion” that the number searched is associated with terrorism.

The releases also included two formerly classified briefing papers to Congress from 2009 and 2011, when the provision of the Patriot Act that the court relied on to issue that order was up for reauthorization. The papers outlined the bulk collection of “metadata” logging all domestic phone calls and e-mails of Americans and are portrayed as an “early warning system” that allowed the government to quickly see who was linked to a terrorism suspect.

“Both of these programs operate on a very large scale,” the 2011 briefing paper said, followed by something that is redacted, and then: “However, as described below, only a tiny fraction of such records are ever viewed by N.S.A. intelligence analysts.”

Both programs traced back to the surveillance efforts the Bush administration secretly started after the terrorist attacks of Sept. 11, 2001, and which initially operated outside statutory authority or court oversight. The Bush administration later obtained orders from the Foreign Intelligence Surveillance Court to continue them.

The Obama administration has said it shut down the program that collected e-mail “metadata” in 2011, but it is not clear whether such collection has continued under a different program.

The newly disclosed XKeyscore presentation focuses in particular on Internet activities, including chats and Web site browsing activities, as intelligence analysts search for terrorist cells by looking at “anomalous events” like who is using encryption in Iran or “searching the web for suspicious stuff.”

In contrast to the domestic-call tracking program, the example cited in the XKeyscore presentation — which said it had generated intelligence that resulted in the capture of more than 300 terrorists — appeared to be focused on overseas activity.

A map showed 150 network sites around the world at which the N.S.A. is collecting that information; it is not clear whether the governments in those places are aware of the spying.

The volume of data is so vast that most of it is stored for only three days, the presentation said, although “metadata” — information showing log-ins and server activity, but not content — is stored for a month.

Several of the pages on the presentation were redacted by The Guardian.

But the presentation shows that while much of the focus from Mr. Snowden’s revelations so far has been on communications — whether calls or e-mails — that are linked, directly or indirectly, to a known suspect, the N.S.A. is also collecting and searching through massive amounts of Web-browsing activity.

“A large amount of time spent on the Web is performing actions that are anonymous,” the presentation explains, saying that the XKeyscore system can extract and store retrospective activity from “raw unselected bulk traffic.”

One example of how analysts might use the system is to search for whenever someone has started up a “virtual private network” in a particular country of interest; VPNs are pipelines that add greater security to online communications. N.S.A. analysts are able to use the system to extract the activity retrospectively from “raw unselected bulk traffic” and then decrypt it to “discover the users.” 

No comments:

Post a Comment