Top NSA Official: Government Tapping CONTENT, Not Just Metadata … Using Bogus “Secret Interpretation” of Patriot Act
Top NSA Official: Government Tapping CONTENT, Not Just Metadata … Using Bogus “Secret Interpretation” of Patriot Act
We reported in 2008 that foreign companies have had key roles scooping up Americans’ communications for the NSA:
At least two foreign companies play key roles in processing the information.
Specifically, an Israeli company called Narus processes all of the information tapped by AT &T (AT & T taps, and gives to the NSA, copies of all phone calls it processes), and an Israeli company called Verint processes information tapped by Verizon (Verizon also taps, and gives to the NSA, all of its calls).
Business Insider notes today:
The newest information regarding the NSA domestic spying scandal raises an important question: If America’s tech giants didn’t ‘participate knowingly’ in the dragnet of electronic communication, how does the NSA get all of their data?
One theory: the NSA hired two secretive Israeli companies to wiretap the U.S. telecommunications network.
In April 2012 Wired’s James Bamford — author of the book “The Shadow Factory: The NSA from 9/11 to the Eavesdropping on America” — reported that two companies with extensive links to Israel’s intelligence service provided hardware and software the U.S. telecommunications network for the National Security Agency (NSA).
By doing so, this would imply, companies like Facebook and Google don’t have to explicitly provide the NSA with access to their servers because major Internet Service Providers (ISPs) such as AT&T and Verizon already allows the U.S. signals intelligence agency to eavesdrop on all of their data anyway.
From Bamford (emphasis ours):
Klein, an engineer, discovered the “secret room” at AT&T central office in San Francisco, through which the NSA actively “vacuumed up Internet and phone-call data from ordinary Americans with the cooperation of AT&T” through the wiretapping rooms, emphasizing that “much of the data sent through AT&T to the NSA was purely domestic.”
Both Verint and Narus were founded in Israel in the 1990s.
“Anything that comes through (an internet protocol network), we can record,” Steve Bannerman, marketing vice president of Narus, a Mountain View, California company, said. “We can reconstruct all of their e-mails along with attachments, see what web pages they clicked on, we can reconstruct their (voice over internet protocol) calls.”
With a telecom wiretap the NSA only needs companies like Microsoft, Google, and Apple to passively participate while the agency to intercepts, stores, and analyzes their communication data. The indirect nature of the agreement would provide tech giants with plausible deniability.
And having a foreign contractor bug the telecom grid would mean that the NSA gained access to most of the domestic traffic flowing through the U.S. without technicallydoing it themselves.
This would provide the NSA, whose official mission is to spy on foreign communications, with plausible deniability regarding domestic snooping.
The reason that Business Insider is speculating about the use of private Israeli companies to thwart the law is that 2 high-ranking members of the Senate Intelligence Committee – Senators Wyden and Udall – have long said that the government has adopted a secret interpretation of section 215 of the Patriot Act which would shock Americans, because it provides a breathtakingly wide program of spying.
Last December, top NSA whistleblower William Binney – a 32-year NSA veteran with the title of senior technical director, who headed the agency’s global digital data gathering program (featured in a New York Times documentary, and the source for much of what we know about NSA spying) – said that the government is using a secret interpretation of Section 215 of the Patriot Act which allows the government to obtain:
Any data in any third party, like any commercial data that’s held about U.S. citizens ….
(relevant quote starts at 4:19). [Click Here to watch the video.]
I called Binney to find out what he meant.
I began by asking Binney if Business Insider’s speculation was correct. Specifically, I asked Binney if the government’s secret interpretation of Section 215 of the Patriot Act was that a foreign company – like Narus, for example – could vacuum up information on Americans, and then the NSA would obtain that data under the excuse of spying on foreign entities … i.e. an Israeli company.
Binney replied no … it was broader than that.
Binney explained that the government is taking the position that it can gather and use any informationabout American citizens living on U.S. soil if it comes from:
Any service provider … any third party … any commercial company – like a telecom or internet service provider, libraries, medical companies – holding data about anyone, any U.S. citizen or anyone else.
I followed up to make sure I understood what Binney was saying, asking whether the government’s secret interpretation of Section 215 of the Patriot Act was that the government could use any information as long as it came from a private company … foreign or domestic. In other words, the government is using the antiquated, bogus legal argument that it was not using its governmental powers (called “acting under color of law” by judges), but that it was private companies just doing their thing (which the government happened to order all of the private companies to collect and fork over).
Binney confirmed that this was correct. This is what the phone company spying program and the Prismprogram – the government spying on big Internet companies – is based upon. Since all digital communications go through private company networks, websites or other systems, the government just demands that all of the companies turn them over.
Let’s use an analogy to understand how bogus this interpretation of the Patriot Act is. This argument is analogous to a Congressman hiring a hit man to shoot someone asking too many questions, and loaning him his gun to carry out the deed … and then later saying “I didn’t do it, it was that private citizen!” That wouldn’t pass the laugh test even at an unaccredited, web-based law school offered through a porn site.
I then asked the NSA veteran if the government’s claim that it is only spying on metadata – and not content – was correct. We have extensively documented that the government is likely recording contentas well. (And the government has previously admitted to “accidentally” collecting more information on Americans than was legal, and then gagged the judges so they couldn’t disclose the nature or extent of the violations.)
Binney said that was not true; the government is gathering everything, including content.
Binney explained – as he has many times before – that the government is storing everything, and creating a searchable database … to be used whenever it wants, for any purpose it wants (even just going after someone it doesn’t like).
Binney said that former FBI counter-terrorism agent Tim Clemente is correct when he says that nodigital data is safe (Clemente says that all digital communications are being recorded).
Binney gave me an idea of how powerful Narus recording systems are. There are probably 18 of them around the country, and they can each record 10 gigabytes of data – the equivalent of a million and a quarter emails with 1,000 characters each – per second.
Binney next confirmed the statement of the author of the Patriot Act – Congressman Jim Sensenbrenner – that the NSA spying programs violate the Patriot Act. After all, the Patriot Act is focused on spying on external threats … not on Americans.
Binney asked rhetorically: “How can an American court [FISA or otherwise] tell telecoms to cough up all domestic data?!”
Update: Binney sent the following clarifying email about content collection:
It’s clear to me that they are collecting most e-mail in full plus other text type data on the web.
As for phone calls, I don’t think they would record/transcribe the approximately 3 billion US-to-US calls every day. It’s more likely that they are recording and transcribing calls made by the 500,000 to 1,000,000 targets in the US and the world.
Government Built Spy-Access Into Most Popular Consumer Program Before 9/11
In researching the stunning pervasiveness of spying by the government (it’s much more wide spreadthan you’ve heard even now), we ran across the fact that the FBI wants software programmers to install a backdoor in all software.
A careless mistake by Microsoft programmers has revealed that special access codes prepared by the US National Security Agency have been secretly built into Windows.The NSA access system is built into every version of the Windows operating system now in use, except early releases of Windows 95 (and its predecessors). The discovery comes close on the heels of the revelations earlier this year that another US software giant, Lotus, had built an NSA “help information” trapdoor into its Notes system, and that security functions on other software systems had been deliberately crippled.
The first discovery of the new NSA access system was made two years ago by British researcher Dr Nicko van Someren [an expert in computer security]. But it was only a few weeks ago when a second researcher rediscovered the access system. With it, he found the evidence linking it to NSA.
Two weeks ago, a US security company came up with conclusive evidence that the second key belongs to NSA. Like Dr van Someren, Andrew Fernandez, chief scientist with Cryptonym of Morrisville, North Carolina, had been probing the presence and significance of the two keys. Then he checked the latest Service Pack release for Windows NT4, Service Pack 5. He found that Microsoft’s developers had failed to remove or “strip” the debugging symbols used to test this software before they released it. Inside the code were the labels for the two keys. One was called “KEY”. The other was called “NSAKEY”.
Fernandes reported his re-discovery of the two CAPI keys, and their secret meaning, to “Advances in Cryptology, Crypto’99″ conference held in Santa Barbara. According to those present at the conference, Windows developers attending the conference did not deny that the “NSA” key was built into their software. But they refused to talk about what the key did, or why it had been put there without users’ knowledge.
A third key?!
But according to two witnesses attending the conference, even Microsoft’s top crypto programmers were astonished to learn that the version of ADVAPI.DLL shipping with Windows 2000 contains not two, but three keys. Brian LaMachia, head of CAPI development at Microsoft was “stunned” to learn of these discoveries, by outsiders. The latest discovery by Dr van Someren is based on advanced search methods which test and report on the “entropy” of programming code.
Within the Microsoft organisation, access to Windows source code is said to be highly compartmentalized, making it easy for modifications to be inserted without the knowledge of even the respective product managers.
Researchers are divided about whether the NSA key could be intended to let US government users of Windows run classified cryptosystems on their machines or whether it is intended to open up anyone’s and everyone’s Windows computer to intelligence gathering techniques deployed by NSA’s burgeoning corps of “information warriors”.
According to Fernandez of Cryptonym, the result of having the secret key inside your Windows operating system “is that it is tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system“. The NSA key is contained inside all versions of Windows from Windows 95 OSR2 onwards.
“How is an IT manager to feel when they learn that in every copy of Windows sold, Microsoft has a ‘back door’ for NSA – making it orders of magnitude easier for the US government to access your computer?” he asked.
We have repeatedly pointed out that widespread spying on Americans began prior to 9/11.
Obama Asks Military to Draw Up Plans for Offensive Overseas Cyber-Strikes
Barack Obama has ordered his senior national security and intelligence officials to draw up a list of potential overseas targets for US cyber-attacks, a top secret presidential directive obtained by the Guardian reveals.
An intelligence source with extensive knowledge of the National Security Agency’s systems told the Guardian … “We hack everyone everywhere. We like to make a distinction between us and the others. But we are in almost every country in the world.”
The full classified directive repeatedly emphasizes that all cyber-operations must be conducted in accordance with US law and only as a complement to diplomatic and military options. But it also makes clear how both offensive and defensive cyber operations are central to US strategy.
Under the heading “Policy Reviews and Preparation”, a section marked “TS/NF” – top secret/no foreign – states: “The secretary of defense, the DNI [Director of National Intelligence], and the director of the CIA … shall prepare for approval by the president through the National Security Advisor a plan that identifies potential systems, processes and infrastructure against which the United States should establish and maintain OCEO capabilities…” The deadline for the plan is six months after the approval of the directive.
The directive provides that any cyber-operations “intended or likely to produce cyber effects within the United States” require the approval of the president, except in the case of an “emergency cyber action”. When such an emergency arises, several departments, including the department of defense, are authorized to conduct such domestic operations without presidential approval.
Obama further authorized the use of offensive cyber attacks in foreign nations without their government’s consent whenever “US national interests and equities” require such nonconsensual attacks. It expressly reserves the right to use cyber tactics as part of what it calls “anticipatory action taken against imminent threats”.
The directive makes multiple references to the use of offensive cyber attacks by the US military.
Greenwald and others have long reported that the Obama administration claims the right to be judge, jury and executioner in both drone assassinations and offensive cyber attacks.
Greenwald also reports that the head of the cyber command is the NSA boss … the same guyresponsible for much of the spying we’ve been hearing about:
In January, the Pentagon announced a major expansion of its Cyber Command Unit, under the command of General Keith Alexander, who is also the director of the NSA. That unit is responsible for executing both offensive and defensive cyber operations.
(There are other overlaps and interconnections between spying and warfare as well.)
The War Comes Home
Offensive cyber operations are not only occurring overseas …
This is not entirely surprising, given that:
- Programs which the government claims are aimed at foreign entities have long been used against American citizens living in the United States
- The “war on terror” has come home. If the government claims the power to assassinate and indefinitely detain American citizens living on U.S. soil … it’ s not going to hesitate in targeting them for propaganda and cyber-warfare
- The government has long sought to spread propaganda through mainstream media, video games,movies, television, and every other popular medium. Famed Watergate reporter Carl Bernstein saysthe CIA bought and paid for many successful journalists. See also this New York Times piece, this essay by the Independent, this speech by one of the premier writers on journalism, and this and this roundup. And the CIA is investing in technology which lets them cut out the middle man altogether … by having a computer write news stories
- On the other hand, real reporters who criticize those in power are being harassed, targeted and smeared
- Government agencies are scouring the Web for any critical comments about them, actively manipulating social media for propaganda purposes, and to help the too big to fail businesses compete against smaller businesses (and here), and to promote viewpoints which have nothing to do with keeping us safe