I posted this quote from a Foreign Policy article [1] on another NSA related discussion two weeks ago. In short, this isn't the first time Alexander has run a program that used large networking charts, and it also isn't the first time the charts his program created charts that turned out to be worthless.
"When he ran INSCOM and was horning in on the NSA's turf, Alexander was fond of building charts that showed how a suspected terrorist was connected to a much broader network of people via his communications or the contacts in his phone or email account.
"He had all these diagrams showing how this guy was connected to that guy and to that guy," says a former NSA official who heard Alexander give briefings on the floor of the Information Dominance Center. "Some of my colleagues and I were skeptical. Later, we had a chance to review the information. It turns out that all [that] those guys were connected to were pizza shops."
A retired military officer who worked with Alexander also describes a "massive network chart" that was purportedly about al Qaeda and its connections in Afghanistan. Upon closer examination, the retired officer says, "We found there was no data behind the links. No verifiable sources. We later found out that a quarter of the guys named on the chart had already been killed in Afghanistan."
Those network charts have become more massive now that Alexander is running the NSA."
The way you describe it, he sounds like an inept manager who moves from job to job and tries to re-create that one success he had that one time, and forces some tool or technique out of context every he goes.
Hey folks, just a quick plug: If this stuff pisses you off, help make the rally that EFF, Mozilla and dozens of other public advocacy groups are planning in DC a success.
Sign up to attend, share, donate, whatever floats your boat:
This probably isn't going to be one of those rallies that only look big if photographed properly. Some of these organizations know how to bring motivated people, and there seems to be a pretty broad group from left to right on the political spectrum.
I'm guessing the NSA intercepts all unencrypted SMTP traffic and uses the From: and To: addresses to build up your 'address book'.
So here is what you do:
1. Set up two servers in two separate countries which you think the NSA will be intercepting traffic between.
2. Send random emails From: your@email.address and To: random@email.addresses between the servers - the receiving servers should not relay the messages, just drop the mail on the floor.
This should fill the NSA's 'address book' of your contacts with noise. They will have the valid data, but they will also have a bunch of garbage.
Just make sure you don't send fake email between yourself and any known terrorists, communists or people who dress funny as the NSA may start paying more attention to you.
I'm sure others can think of other interesting variations on the theme.
The NSA's indiscriminate collection of contact information is only possible because irresponsible companies can't be bothered to encrypt their users' data as it passes over the network:
"It is unclear why the NSA collects more than twice as many address books from Yahoo than the other big services combined. One possibility is that Yahoo, unlike other service providers, has left connections to its users unencrypted by default."
1) It seems that the NSA is intent on cataloging every connection of everyone in the world. The best way for "secure" communications then would be to send encrypted messages to a few thousand random addresses, only one of which is the intended recipient with the private key necessary to decrypt it. Everyone else can write it off as spam.
2) I thought it funny that NSA took the time to write in the slides that they are annoyed by Android's IMAP implementation ("Android implementation in particular uses a lot of bandwidth").
3) Why release redacted versions of stolen documents whose release in any form is a violation of federal law anyway? This is like cleaning up your mess after robbing a bank. Might as well release the whole thing.
for #1 I was wondering if you could build a messaging system where the sending system didn't know the location of the recipient. It also would mask the connection between sender and recipient. Basically you would send a message to a key to several servers in the network. Each server would look at the key, and if it matched their address they would store the message. They would also forward the message along so an outside observer wouldn't know that that server held that inbox. Basically 10 messages would come in and the same 10 would come out and maybe one would be stored, but you couldn't tell that. You would have to age out the messages, and I'm not sure if you could guarantee delivery. By observing the network you could tell where messages were originating, but not where they were terminating. That is the extent of the though I put into it, it's fun to think about but I'm sure there are many holes in the idea.
for #3 the post runs the stories they publish past the government to make sure they do not publish anything that would be truly damaging. After consulting with the government I assume they decide what to redact and what is ok to publish. I think this was the crux of the government case against Manning in regards to responsible v. reckless disclosure.
In other words, the NSA is no different from private Internet companies like Facebook and LinkedIn who think its perfectly fine to furtively copy their user's email address books in order to mine them.
Remember LinkedIn's non-apology when faced with a lawsuit from users who felt it was inappropriately accessing their email accounts? https://news.ycombinator.com/item?id=6425444
What is so ironic is that time and time again when spies are caught they specifically make sure that they don't have address books neither on them or stored somewhere. So this is essentially nothing more than all the innocent people in the world. The only way I can see this technical solution producing results is if all the people in the world were cataloged and then the remaining ones were spied upon using field operatives.
Was this recently revealed by Snowdon? If so, I'm loving his tactic of slowly leaking it all out and keeping it relevant. If it all came out in one go it'd have a lot less impact in my opinion. I hope the leaks continue for a long time.
I am not quite sure why this is news (or even worth mentioning for that matter) given the fact that the NSA has demonstrated a propensity to collect pretty much any data it can get it's hands on. This revelation seems like a given fact. Should we also publish articles chronicling the NSA's collection of family secret recipes?
It's news because most people don't understand what "metadata" means in the abstract, and what the implications of the NSA having it are. This may be a sufficiently concrete invasion of privacy to reach the average person.
"When he ran INSCOM and was horning in on the NSA's turf, Alexander was fond of building charts that showed how a suspected terrorist was connected to a much broader network of people via his communications or the contacts in his phone or email account.
"He had all these diagrams showing how this guy was connected to that guy and to that guy," says a former NSA official who heard Alexander give briefings on the floor of the Information Dominance Center. "Some of my colleagues and I were skeptical. Later, we had a chance to review the information. It turns out that all [that] those guys were connected to were pizza shops."
A retired military officer who worked with Alexander also describes a "massive network chart" that was purportedly about al Qaeda and its connections in Afghanistan. Upon closer examination, the retired officer says, "We found there was no data behind the links. No verifiable sources. We later found out that a quarter of the guys named on the chart had already been killed in Afghanistan."
Those network charts have become more massive now that Alexander is running the NSA."
[1] http://www.foreignpolicy.com/articles/2013/09/08/the_cowboy_...