Hacker News
NSA Recommends Dropping Phone-Surveillance Program (bgr.com)
185 points by bonyt on April 24, 2019 | 112 comments



Personally, the skeptic in me believes if the NSA is losing interest in a major data collection program like this, then they are deflecting the narrative from focusing on an even more impressive and accurate data collection program that they have developed and are ready to deploy out into the world. I’m putting on my tinfoil hat at this point, but every day I read HN I’m surprised at what is capable, given the right technology, money, and time.


I think it's more likely that most everyone the NSA would be interested in snooping on is aware they're snooping and has changed how they communicate and moved to encryption.

The signal to noise ratio has to be completely ridiculous, to the point that it's no longer a justifiable effort.


Miranda warnings have been pop culture for decades, yet criminals keep confessing in interview rooms.

Threats to public safety tend not to be firing on all cylinders, thankfully.


I don't think it's that simple.

Intimidation and coercion are powerful motivators. The Innocence Project found 25% of people proven innocent, by DNA evidence, actually provided confessions or self-incriminating statements.

I worry about what other behind-the-door tactics are used. Some might even be official abuses of power, such as gag orders, which are already being used for what the WSJ called "political persecutions in Wisconsin,"(1) it wouldn't surprise me.

>Threats to public safety

This is what I'm worried about here.

0-https://www.innocencecanada.com/causes-of-wrongful-convictio...

1-https://www.nationalreview.com/2015/04/wisonsins-shame-i-tho...


Get an average person into a room, interrogate for hours or days, if necessary, and ultimately, the vast majority would confess to anything just for the sake of ending it. There are many tricks in a hat to do so + decades of experience within police and other institutions.


For some reason, it’s often the people who should shut up the most who just can’t shut up. The ability to stop yourself from talking is an underrated skill.


Looks nervously in the general direction of the current President.


I think you misunderstand. Him not shutting up is probably how he got the job in the first place - the media gave him so much more attention than anybody else.


> I think you misunderstand.

I think I don’t. wink


I think you're talking about a different class of problems, though. The NSA is going to be focused on larger, sophisticated groups; Chinese government intrusions, multi-state-sponsored terrorism, coordinated Russian attempts to influence U.S. elections. Not the type of thing that's going to get caught in a police interview.


Of course there are some sophisticated adversaries who were probably too smart to use phones even before Snowden, but I’ll venture a guess that the typical terrorism conspiracy is closer in sophistication to a street gang than to the KGB. At least, if there were a clear link between a terrorist plot and an institution full of taxpayer-funded career spooks, it would not be terrorism, just war.


Encryption is nice but don't forget that every American university or company has been infiltrated by the NSA.


And the Chinese, and the Russians, probably some Iranians in there too.


You left out the Israelis who have had an extensive espionage operation in the US for decades.


According to Wikipedia, PRISM (the collection of internet communication) is "the number one source of raw intelligence used for NSA analytic reports".

https://en.wikipedia.org/wiki/PRISM_(surveillance_program)


Based on documents from 2011-13, a lot could have changed since then


I rather doubt that internet communication has become less important since 2013.


On the contrary, it's grown even more important, but encryption has also grown immensely in popularity.


What is most interesting to me is that we are talking about this in open now, we have accepted that this is the new normal.


I decided to watch the x files this evening after not watching it since it was on regular television. And my god, the entire show is adorable. Scully's entire character is "the government would never do that. It would be illegal."

The American dream we all had at one point is staggering. And sad how much we have lost. Rose colored glasses aside, if the same show aired today, it would not last a season, since it would be considered too naive to take seriously.


Yeah pretty much or they are getting so much data from FAANG that they don't know what to do with this is totally useless and superfluous.


I think you mean GAF (reversed spelling). What is Netflix going to give the NSA? Looks like Osama bin Laden loves House of Cards. What about Amazon? The terrorists use AWS and ordered a bunch of pressure cookers?


“Amazon” — the company with massive contracts with the CIA and DoD, full time Alexa microphone in millions of homes, owner of Ring video doorbell, runs something like half the internet through their servers. Yeah I think they might have something the control freak “intelligence community” would be interested in.


oh so you don't understand humor and vote me down because of a funny comment - wow...


Some useful data that might be subpoenaed from a Netflix account:

* subscriber IP address (for an idea of target whereabouts)

* subscriber playback equipment (for confirming target)

* times of account usage (for determining daily routine or pattern analysis, or just confirming that they're home or sth)

* identity info on account or subaccounts (for identifying target or possible friends/family members)

* favorite shows (for chumming up to target to get them to talk/start conversation with)


I’m assuming by subpoena you mean a warrant. Not sure the feds would try and compel some terrorist to be a witness or give some evidence of something.

A cellphone would give you so much more information.


IME you are served a subpoena to testify to specific information that they think you have, and if you can provide it prior to the date of testimony, you don't have to show up.

Suspect a warrant would be if they wanted to take something in your control, but I've never been subject of that kind of thing.


A cellphone would give information about the cellphone. Might be single use/shared burners - might be turned off. In certain cases the Netflix account might give better information (For example, imagine Snowden logging in to Netflix in his hotel room. Or more likely, one of the journalists logging in to theirs...).


Fair enough, I'm not a legal expert. Yes, a cellphone also gives that info but an investigator may not always have a cellphone as a lead


You might have a point regarding Netflix but Amazon’s cloud computing business is bigger than its online shop and used extensively the world over and has a lot of SaaS products based on communications alone (never mind all the other stuff in their portfolio)


> What is Netflix going to give the NSA? Looks like Osama bin Laden loves House of Cards.

Looks like Osama bin Laden loved "Tom & Gerry".

https://www.cia.gov/library/abbottabad-compound/index_video....


AWS runs half the net..


And we should believe the word of an agency that broke it many times before and actively tried to sabotage encryption, because?...


This damned-if-they-do sentiment risks dismissing positive policy moves. If this headline read "NSA is expanding surveillance programs" people would be up in arms over the privacy implications. Instead they announce that they believe it should be dismantled and the response is... the same?

I understand the hesitation. Outright dismissing positive change feels like a counter-productive stance to adopt.


I'm never really sure how to react to these stories... In general, I agree with you that "they suck anyway" is an unhelpful stance, but the NSA's track record is singularly bad.

They went in front of the Church Committee and lied outright to Congress, then dodged all consequences when a DoJ investigation explicitly concluded that their stonewall tactics were too effective to defeat. Decades later, when we look at Clapper's testimony to Congress, nothing much seems to have improved. At best, every word of the promises and announcements has an exotic meaning no one could intuit, which won't be provided until after the story is leaked. At worst, they're naked lies.

I don't know what healthy progress and activism here look like, because as far as I can tell they've never happened. (Barring, I suppose, James Bamford's work.) When Congress repeatedly fails to bring an agency to heel, and the DoJ outright admits it's not up to the task, it's hard to find much faith in anything that agency says.


I understand why you say this, but even if they're truly doing the right thing here, I only owe them gratitude enough to say, "Thanks for stopping spying on me, finally, at least in this way." Add that to the number of times the NSA has shown itself to be untrustworthy and intentionally deceptive, and I'm willing to seem ungrateful and hard to satisfy. They've cultivated a hostile relationship, toward fixing which this is at best a small step.


They could be invasive, by monitoring even when there's nothing going on, but there are well-defined rules and strict protocols in place, and I have never heard any cases where they have used the data to attack anyone personally or are there?


I never consented to have my data snooped on by some cabal of creeps out in Washington DC. If they suspect I’m up to something, then show sufficient evidence to get a warrant and be transparent about it. Whether they’ve acted on the data or not is irrelevant — they’re stealing what should be my property and building tools for tyranny.


Not sure if this[0] falls under the "attack anyone personally" umbrella but it definitely falls under the invasive, even when there's nothing going on, portion of your comment.

[0] - https://www.reuters.com/article/us-usa-surveillance-watchdog...


Certain employees were discovered to have been using these tools to spy on wives, partners, love interests, children etc.

That's just the stuff we actually heard about.


You won't, because of a little thing called Parallel Construction.

NSA finds something out illegally, unethically, they pass it to another agency who proceeds to figure out a way to "discover" what the NSA did in a way that is legal, or at least plausible to the courts, thus never having to admit the investigation started with the NSA.


The only positive "policy move" would be the agency being cut off, disbanded, and any employee involved in attacks against persons on US soil or US persons abroad going to prison. Announcing that they may be shrinking their scope really has no bearing on the matter that they continue to operate with impunity.

You wouldn't stop clamoring for justice for an armed robber that announces they're moving on to simple pickpocketing for fear of making them reconsider.


> Outright dismissing positive change

They say that "logistical and legal burdens of keeping it outweigh its intelligence benefits", but the important criticisms weren't about it being expensive without results that justify it. Not a word about it being wrong or anything.

As for "dismantling", being skeptical of that is absolutely warranted, e.g. https://en.wikipedia.org/wiki/Total_Information_Awareness

> Although the program was formally suspended, its data mining software was later adopted by other government agencies, with only superficial changes being made. The core architecture of TIA continued development under the code name "Basketball." According to a 2012 New York Times article, the legacy of Total Information Awareness is "quietly thriving" at the National Security Agency (NSA)


I think what you’re seeing is skepticism that the plan is to decrease overall surveillance. It sounds as if they are merely phasing out an obsolete method.


Seems naive to believe that any announcement coming from the NSA is truthful or positive.


That is the point of the boy who cried wolf.

If you lie enough times, you lose all credibility and even good actions will be received with a massive amount of scepticism.

They dug their own grave and now they have to lie in it. (in the sense of their reputation among the populace)


In the absence of public pressure, I can't see why a government agency would give up any power at all like this. Maybe so they can say "see, look how much better than China we are?" is one reason I can think of. I would imagine if they give something up, they have something equivalent or better to replace it. I don't trust them one bit, I hate them.


I am not sure, how many lies have been spotted? NSA typically lies by omission but so far, every secret surveillance program they have had was totally expected to anyone who read the laws that enabled them.

I often say that the only revelation Snowden gave us was the name of the different programs, but a lot of what was there was already guessable from the Patriot Act


I wonder if recruitment was also a factor in making this decision. Recently they released Ghidra which they admitted was mainly for recruitment purposes. If it's because of this, then it makes sense it's not worth it. Collecting massive amounts of (mostly useless) data versus attracting talented people. I know it's not a black or white situation and they can still attract talented people, but if there's a negative perception of the NSA then the pool of people will be a lot less.


The rumor is that recruitment absolutely was affected after Snowden. More damage done to our country by him.

I wouldn’t be surprised to learn that he did put the full cache of files online before fleeing, to be able to sell them to Russia. He certainly had the capability to do so. Also, I wouldn’t be surprised to learn that he was involved with Vault 7 somehow; it’s another conspiracy theory floating around.

Unclear why this is being downvoted.


Is it damage?

He exposed the job for what it was and conscientious citizens decided that it wasn't a purpose they wanted to fight for. Much better than working on the Manhattan project thinking it would be used for nuclear energy, only to then see your creation be used for mass destruction.

Is whistle blowers exposing rampant abuse in the church doing damage to the good of Christianity too?

The citizens deserve to know about the scale on which their own government violates their privacy.

Snowden is no Assange.


Yes, it’s damage. He torched the NSA to the ground. Comparison to a church doesn’t make sense.


In other words, the NSA found a better way of snooping. If they are asking to drop phone surveillance, then they found a superior method of data collection.


Facebook just hired the author of the Patriot Act. Coincidence? Probably...


If they've found a better way of snooping then why announce it to the world instead of silently dropping the program?

This sounds more like a public relations move instead of a technically inspired one.


PR, I agree.



The replacement programs are known as FACEBOOK and GOOGLE.


Aggregated by Pinkerton.


The only conclusion is that the NSA simply cannot be trusted in the future. I'm sure our illogical lawmakers will not draw it, but this is clearly another case of being told this program was crucial and people's rights needed to be trampled on that was simply untrue. The NSA just wanted the power for power's sake. Lawmakers should stop giving this agency what it asks for as it clearly has no bounds or idea of what it's doing with the incredible power it has.


Not necessarily; it may have been a very important source that has dried up or has been superseded by alternatives.

The phone program was launched prior to the iPhone and Facebook (even though we only found out about it after both). It may well have been very important up to at least 2012 (6 years into Facebook, 3 into the iPhone/Android boom) when we learned about the program and the NSA defended it.

Since the revelation seven years ago, it could well be that targets of the NSA are no longer using communication channels where phone metadata is useful.


It seems like they have at least enough bounds to say now that's not necessary.




From a purely technical perspective, the bespoke equipment needed to buffer and search through the traffic flow of a single 100Gbps transatlantic DWDM circuit (of which there might be 40 or 80 possible circuits in a single cable, from Porthcurno to NY/NJ) would be incredibly complicated and costly. Just the amount of RAM you would need is nuts.

Or to do the same as a passive intercept on a 100Gbps PNI between two ISPs at Telehouse Docklands.


No, it's not.

Gigamon can easily tap 100G and deconstruct it into 10x10G flows.

https://www.gigamon.com/company/news-and-events/newsroom/gig...

An off the shelf server can line rate tap/filter 10g.

Gigamon might cost $50k? Each server might cost $5k? $100k to monitor a 100g circuit? Peanuts.


You are talking about one 100G circuit and the relatively minor server+tap costs.

Summary of metadata might be possible if they have a small number of selectors pushed out to the edge, but given the footprint of a FAANG backbone and edge pops, keeping up with them would be noticeable, if only for impact on fiber and real-estate markets.

People keep talking about NSA's Utah DC like it's something huge, but in the scheme of scale out operators it's pretty average...


Yep. I suspect we agree more than we disagree.

You are aware that every cable landing station has a classified area, right? And no one is allowed to visit a landing station w/out clearance from USG? And that the USG has a large data center near every cable landing station with rights to use the backhaul fiber from the landing station?

Ask Jay or Najam if they think the USG was tapping FB before they started encrypting everything.

There's on the order of 100 transoceanic cables terminating in the US with on the order of 80 lambdas per cable. That's 8k 100gs at $100k each, or $800M. That's less than 1% of NSA budget and about a tenth of 1% of the black budget. It's a relatively low cost to ensure "total information awareness" of comms in/out of the US.

I don't suggest that 100% of this is being stored. It is a fairly trivial computer science problem w/ today's solutions to real time scan the words and pull out flagged data for analysis. That's the metadata you mention and I agree.


> And no one is allowed to visit a landing station w/out clearance from USG?

I work on a regular basis with people at ISPs who operate the terrestrial dark fiber and DWDM networks into many of the WA, OR and CA cable landing stations, and none of them have ever been required to get special permission from the feds. Most have gone through ordinary background checks through their employers, for basic stuff (way, way less involved than doing an SF-86 for a Secret clearance, basically just credit checks, criminal record check, and calling their previous references on their CV when they're hired).


I suspect the nuances, attacks, and mitigations around this would be a good topic of conversation at a conference or something if we ever run into each other.

Unfortunately there's not much that one can say in public around specifics of CLS etc :/


They have a budget in the billions.


Also they don't need it all necessarily. Just metadata could be extremely useful, on a long timeline.


All they really need is metadata, IP-addresses, then they can use network theory to build graphs that show who is communicating with who. If you for example visit a "terrorist" web site you are now linked to everyone else who also visited that site. Using network mesh graphs they can discover new "terrorist" cells. They can even figure out who the leader of this "terrorist" cell is and effectively destroy the cell. I can imagine they are also tracking location data to see who meets physically.


Are the budgets for these programs public knowledge? How much money have we (taxpayers) spent (or wasted?) on these "tools"? And for historians, will we ever get to see the source code and details of how they worked (other than powerpoint documents leaked by Snowden..)?


This particular program, or the whole shebang?

It looks like the NSA got about $11B of the "Black Budget" in 2013 https://www.washingtonpost.com/wp-srv/special/national/black... It's further broken down on that page.


We can't trust what they say but either way, most phone traffic is probably VOIP nowadays (not traditional phone, so that program is probably obsolete?)...


We changed the URL from https://www.wsj.com/articles/nsa-recommends-dropping-phone-s... because WSJ seems no longer to have a paywall workaround. If someone can suggest a better URL, we can change it again. I just did a Google and picked the first link I found that wasn't illegibly crammed with ads.


This works (even without the bypass paywalls extension) in a firefox private window:

https://m.facebook.com/flx/warn/?u=https://www.wsj.com/artic...

I guess what I'm saying is that HN should not penalize the company doing the journalism. People can buy a subscription, those that won't still have a technical solution, and for the rest they can google like you did and find an article to read among the blogspam.


There's simply no good solution here, short of the publishing business restructuring so we can pay once to read everything, which I hope I live to see.

In the meantime, we have a clear if sucky policy, described at https://news.ycombinator.com/newsfaq.html and https://news.ycombinator.com/item?id=10178989, with plenty more explanation at https://hn.algolia.com/?sort=byDate&dateRange=all&type=comme.... It is the way it is not because we or anyone else likes it, but because the alternatives would suck worse.


WSJ is not a hard paywall+, it has multiple technical solutions similar to what was allowed before, open these in a private window for example:

https://www.wsj.com/articles/the-yale-dad-who-set-off-the-co...

https://facebook.com/l.php?u=https://www.wsj.com/articles/th...

https://m.facebook.com/flx/warn/?u=https://www.wsj.com/artic...

Notice that "?mod=rsswn" is used as described in this issue^ for a browser extension which can be used for a number of sites.

I'll try all these after I click reply and edit if it does not work.

+ https://news.ycombinator.com/item?id=19496356#19506786

^ https://github.com/iamadamdev/bypass-paywalls-firefox/issues...

edit: All worked though an ad appeared over the article that I was able to dismiss by clicking on the small x in the upper right of the ad itself. Then I was able to read all those articles without being logged-in to the WSJ, just like readers of HN could before.


Doing the nerd's work. I like you. <3


I wonder if they realized this back when they lied to congress and tried to take credit for FBI work when they couldn't come up with "a single instance in which analysis of the NSA’s bulk collection metadata collection actually stopped an imminent attack, or otherwise aided the Government in achieving any objective that was time-sensitive in nature". It's always interesting when something crazy is going on and you would think the NSA would have relevant information to help, but they don't.

I suppose six years is enough time to save some face from the 2013 fiasco?


The intelligence agencies used to try to find out a person's skills and experience. Now they just check their LinkedIn profile. They used to try to find who their friends and associates were. Now they check their Facebook friends. They used to try to figure out where the person travels on their day to day routine. Now they can check your Google Maps location history. Instead of going through great expenses to try to do surveillance on individual phones, they should just focus on how to get that data from these American companies that already have them.


>...they should just focus on how to get that data from these American companies that already have them.

...but they were already in their bases, killing their doodz[0], yeah? Why would they focus on something they already had on-hand?

[0] - https://www.theguardian.com/world/2013/jun/06/us-tech-giants...


I'd assume they have now other means to get what they want.


For the life of me, I cannot figure out why this comment by "holyend" is being silently ghosted (censored) / flagged. Can a moderator explain the reasoning for it being flagged? Are curse words disallowed?

https://ibb.co/f9gVV3Q

I'm assuming this comment will also be ghosted/flagged; if so, requesting a reason please.


I heard they are dropping this because they can get all the data they need from FB's new data partner program. /s


Surprise: The NSA was lying. Not only in the details of what they were saying but also in taking what looked like a most definitive stance on a topic they couldn't know enough about.


This only includes the cellphones of American citizens, doesn't it?


They already have enough data to build the rest of it


For clarification on my previous response... I mean it's probably a good thing for the program to be stopped


No need to intercept cellphone communications because they already have all in Facebook and whatsapp


Just an FYI to people trying to view this article, the usual tricks like facebook outlinking, using outline.com and setting google as a referrer didn't work to circumvent the paywall. But I did manage to view the article by changing my user-agent to Safari - iOS. Dunno why it works but ¯\_(ツ)_/¯.

EDIT: I take it back. This briefly worked, but doesn't anymore. I have no idea what changed. Sorry peeps.


What specific version? In Safari on Mac, you can set the user agent in the Develop menu, to iOS iPhone, iPad, etc. Tried them all and no luck. Is there a specific iOS Device/iOS version you set to to be able to view the article?


Super weird, this worked once and no longer works, I have no idea what changed. Sorry.



BPC 1.4.8 on google chrome 73.0.3683.103 (Official Build) (64-bit) apple works great thanks


Sounds like you screwed the pooch by telling us all. Sorry for our loss.


Amusingly, I got a paywall in Safari on iOS.


It's super weird, this only worked for me once? It no longer does.


ONCE AGAIN, they're clutching at their pearls and swooning about losing the (straw man) metadata. They think we're stoopid. Required reading,

NSA Surveillance: Exploring the Geographies of Internet Interception

Andrew Clement

Faculty of Information, University of Toronto

https://archive.org/download/GeographiesOfInternetIntercepti...

Might be a mix of hearsay but some pieces of the puzzle are becoming clearer. Skip to the section on 'NSA Splitters' and ask yourself, if they had drop-in access to the baseband circuits, would they already be able to intercept the Telcom providers' streams that gather the data that is now part of the disclosure programs? And even if the links are encrypted, keys can be leaked. Telcos are finally 'off the hook'.



this extension* still works for me for that WSJ URL (right-click 'open link in incognito window')

* https://news.ycombinator.com/item?id=19744632


[flagged]


There's absolutely a difference between information shared freely with a company in accordance with their privacy policy, and a government organization performing illegal data collection (per the DOJ) on their citizens without their knowledge or consent.

I can't parse whether you feel the knowledge of encryption or the encryption itself is dangerous, but the dangerous encryption argument is easy to make from a position of privilege by someone who has never been oppressed by an authoritarian state.

(I can sympathize with the point of view that holier-than-thou tech companies with a scope of data collection that would make the NSA green with envy are laughably hypocritical on data collection... companies that compile shadow profiles on non-users I would be willing to lump in with the NSA data collection, incredibly suspect and probably illegal as well)


Are you OK with having someone with a clipboard following you around recording your every move? Are you OK with someone entering your home and listening to and recording your private interactions with your loved ones? Are you OK with having random passers by having your banking details? If so you are at least consistent. If not you need to think a little more about what you are advocating for.


Not only all of this, but having each of these interactions chronicled, seemingly in perpetuity, for later analysis/exploitation, or potentially stolen.


Location data, cameras (clipboard metaphor): I’d rather the government have tight control over such data. Revamp cell phone tech to prevent stingray/rogue cell tower usage, legally prevent location data from being resold without tight auditing through the NSA and related agencies. Similar for camera data. Bulk collection ok: yes.

In home, I don’t have a POTS/PSTN service, echo or similar. But with a justified warrant, if there’s a remote mic to activate that will help a criminal case, it’s fair game. Bulk collection ok: no.

In vehicle, the microphone should be available but similarly audited to prevent abuse or bulk surveillance. Bulk collection ok: no.

Banking records: similarly, not clear on the analogy of a “passerby” having access. The records exist, they should be available for investigations when needed by authorized parties. Bulk collection ok: yes.

The new reality is that privacy will evaporate due to the commoditization of tech that facilitates surveillance. It’s a question of who has the power and whether they have your best interests at heart. I don’t believe the Hollywood Snowden propaganda. Speaking to military folks the NSA doesn’t care much about what most people are up to. Everyone knows they used their systems to fight domestic crime under the radar (think: Person of Interest TV show) which I personally support(ed) in many cases.

Surveillance is necessary but does need to be put into entrusted hands. I trust the NSA more than most private interests. Snowden simply showed that you can’t blindly trust groups of people in an organization as they trusted him. They will rebuild despite his malice.


Why the downvote? I should be able to express my viewpoint without being penalized.


[flagged]


This breaks the site guidelines. We ban accounts that do that. Would you mind reviewing them and taking the spirit of this site more to heart?

https://news.ycombinator.com/newsguidelines.html


[flagged]


> It’s not entirely uncommon to grow from liberal to conservative as you get older, it certainly happened to me and allowed me to see different perspectives.

This is a thinly veiled personal attack implying that the person you are responding to is too immature to see why you are right.


"Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith."

https://news.ycombinator.com/newsguidelines.html


The flagged question asked if I worked for the government or something to that effect. I’ve noticed a bit of a correlation where conservatives tend to be more supportive of government surveillance. I should have clarified.



