The Blob that Passed Telecom Immunity
Update: Well, this is unexpected. The 9th said no to the government request for a stay, pending hearing what the District Court has to say about the emergency appeal. Now it’s back in the District Court for one more attempt at a stay.
About a million of you have linked this Wired story, with the headline:
Telephone Company is Arm of Government, Feds Admit in Spy Suit
There’s actually stuff in the government’s motion for an emergency stay that I find much more interesting. For example, the language attempting to protect agency discussions with Congress describe Congress as a mere appendage to the executive branch which did not, in 2008, have its own distinct Constitutional interest in legislation concerning matters in which the executive branch had been found to have flouted duly passed laws.
In this case, the communications between the agencies and Congress were part of a collaborative effort to formulate revisions to FISA that would be acceptable both to the President and to Congress, and the communications themselves were relied on to develop the Executive Branch’s positions regarding the appropriate scope and content of the proposed legislation. Given the purpose and role of the communications in the agencies’ own deliberations, the agencies have regarded their communications with Congress as intra-agency documents under the foregoing lines of authority.
[snip]
In Klamath, the Court declined to treat communications between a federal agency and Indian tribes regarding water rights as intra-agency because, unlike outside consultants, the tribes had independent financial interests in the subject matter of the communications, and those interests were adverse to other claimants. See 532 U.S. at 11-15. But the collaborative relationship between Congress and the Executive Branch in the development of new legislation has no resemblance to the relationship between the agency and the tribes in Klamath. In providing the agencies with information and views about legislative options for use in the development of the Executive Branch’s own legislative position, Congress was participating in a common effort with the Executive Branch to advance the public interest. [my emphasis]
While I realize that may, in fact, be an accurate description of how Congress acted during this debate–the intelligence committees, in particular, served and continue to serve as branches of the intelligence agencies they purportedly oversee–it is a fascinating comment on the state of separation of powers that Congress would be described by the executive branch as a mere appendage to the executive branch.
As to the telecoms, the real argument the government is making here is that the Court did not account for the invocation of Exemption 3 (sources and methods) in its ruling. That is, they’re saying that irrespective of whether or not the Court finds their argument that the telecoms are basically an agency of the government valid, the Court should still protect the names of the telecoms lobbying the agencies because revealing them would also reveal which telecoms were parties to the government’s illegal wiretap program.
But I am rather interested in their claims about the telecoms being an agency for another reason.
These were telecoms lobbying! Lobbying about programs that brought them and will continue to bring them ongoing business. But by treating the telecoms as agencies for this negotiation, the Obama Administration–the same Administration that required contractors hoping to get stimulus funds to write up and post their lobbying requests with regards to that program–is treating this lobbying as part of the task that telecoms have been contracted to do by the government. We are paying telecom contractors–the Administration maintains–to lobby our government and elected representatives (who are, at this point, just an appendage to the executive branch anyway) to make sure they continue to get that contracted work.
Of course, it’s all the more perverse considering that the government is arguing we can’t have the emails we paid telecom contractors to write to make sure we’ll continue paying them to read all of our emails.
Like I said, none of this is an inaccurate statement of how the distance between contracting and lobbying collapses, and how the distance between supposedly separate branches of government collapses, in the era of the intelligence industrial complex.
But it doesn’t mean it’s legally justifiable.
I haven’t read a better synopsis in ages.
Thank you.
The telecoms are part of the Government. The congressional committees are arms of the executive branch.
Boxturtle (And the dog ate my homework)
Which is why it is entirely up to the President (from Sen. Reid’s point of view) to decide whether or not there is a P.O. in the Senate health insurance bill.
Thanks for this post EW. I understand the administration plans to appeal. Do you know which Appellate Court will get this?
I’m not sure ObamaCo could hand pick an appeals panel that would go along with that tortured legal reasoning. But time will still pass while the appeals court disposes of it. Then we wait for the inevitable appeal to the Supremes.
Boxturtle (Then we wait for the next “dog ate my homework” filing)
This is the 9th. The judge in question is the one from NDCA who may, in fact, be causing Holder more grey hair than Vaughn Walker. He’s the guy that let the suit against Yoo go forward.
I love the 9th : ) Thanks EW. This gray afternoon is looking a bit brighter now : )
To be fair, I’d bet they get their stay. And I bet they win on some of these issues, but not on the Congress=Executive=Lobbyists grounds.
I agree they’ll get their stay, but what grounds do you expect the government to win? The intelligence committees certainly aren’t an appendage.
Boxturtle (Congress is a barnacle?)
Well, I’d need to review the filings, but I’d be surprised if EFF got the names of the telecom execs and their companies.
You may well be right, but I would still expect the 9th to obliterate the argument that Congress=Executive=Lobbyists is a valid equation. It should make entertaining reading when the time comes.
Note the update.
The 9th said: No stay. Smith is sleeping on another emergency request for a stay over the weekend. Otherwise, EFF gets the documents.
Man, those SF courts don’t like illegal wiretapping, do they?
Oh boy, this is great! Nope, those SF courts seem thoroughly fed up with wiretapping and bs arguments from “whiney” gov’t lawyers : )
Actually I think this is procedural. The govt skipped the judge because they were being pissy and the 9th is saying, nope, gotta ask the district first.
I know you are kindly trying to tamp down my enthusiasm to prevent future disappointment, but at the moment the Yankees are down 3-1 to the Twins, so alas you will not succeed.
Nonetheless, I appreciate the clarification ; )
It looks like that is exactly right. On the other hand, they skipped Jeff White for a reason, he ain’t exactly friendly to them at this point; let’s hope he follows through and bounces them.
But then the 9th gets another crack, right?
And will Fletcher and Rawlinson get this back when it does come back to them? And is that a good thing or a bad thing?
Correct, and I don’t know if it would go back to them. It came in as an emergency filing and therefore was given to the hot judges I assume. Since there was no consideration on the merits, it might reenter on the normal wheel.
Nope! And they shouldn’t.
I worked for one of the Big 3 carriers from 2000 till Spring 2008 (quit in disagreement and disgust), and in Telcom for over 10 years. Now I work for a little regional outfit nobody has ever heard of, and you know what? We only respond via subpoena, and I am one of the people that is trained to go and read the record at a trial.
It’s a subpoena duces tecum process, where we will provide the record only about the specific dates and times in question, and then due to the way our records work, must interpret under questioning for a jury.
Happens several times per year and the last case for me, sadly was a murder case, in which the perp was found guilty. The victims murder was actually recorded on her phone.
The point for me is, we only provided records for that day, and individual days that contact between the perp and the victim occurred, and only those records, and under subpoena.
The Big 3 are frikking a-holes, and sure act like they are a part of the government. I’ve been tempted to FOIA the amount of employees of ATT, VZ and S that have Secret or above clearances; many positions at those carriers require such clearance.
This isn’t really surprising if they didn’t go to the Dist Ct first. The 9th is treating it more like an interlocutory, where you have to ask the Dist Ct first to basically certify the “appealability” of the issue (as opposed to saying that the Court agrees with the argument being appealed)and only get to ask App Ct to take the appeal if you are turned down in you request to the Dist Ct to let you appeal. They probably felt certain, with the other turn downs, that it wasn’t worth going to Dist Ct and maybe even that they could argue they had basically made the request to certify the appeal in the context of their requests for stay.
Yeah, figured that out. Thanks. I bet they get their stay…
It’s simple really, the government has to keep secret it methods of protecting its citizens from the government.
Sheez louise. It’s pretty damn staggering, isn’t it? So, we now have the admission of “color of law” for any 4th Amendment/Bivens action vis a vis the telecoms? Well, who knows. The “agencies” and the Courts haven’t finished “collaborating” yet I guess. After all, I guess the briefs are subject to Exec privilege.
BTW – this does tie to the place where I thought, once upon a time, that Walker might be going. Give the telecoms their “immunity” and then make them open their files for discovery.
Someone really does need to draw a line in the sand and clarify that just snorting coke and screwing hookers while you put in a little time engaging in illegal search and seizures, topped of with some childnapping and torture, doesn’t necessarily make you an Agency of the United States government.
I know it can be tricky and hard to see the distinction, but it’s there.
Or not.
I’m curious about the attorneys that wrote this motion, so I went to the DOJ website and searched a bit.
Both Douglas N. Letter and Scott R. McIntosh have a lengthy history at DOJ. Letter, for instance, was working at the DOJ in 1989 with Solictor General Ken Starr, filing a brief with SCOTUS asking them to deny cert in a petition on a case against the CIA. From the brief:
(Cert was denied, btw)
McIntosh, for his part, worked on appellate filings as far back as the Reagan years, appearing on this one alongside SG Charles Fried and AAG John R. Bolton. (Yes, that John Bolton.)
Each of these two also appear on other filings by the DOJ over the years.
Perhaps the most interesting place these two names appeared, however, was when they appeared alongside each other in a Sept 12, 2006 Press Release:
Scrolling down past the big awards, we come to this:
Why am I not surprised that folks who worked for Bolton, Starr, and Olsen, and won applause and honors from AGAG have written a motion like this one, erasing the separation of powers and bolstering the immunity of the executive branch from any kind of oversight, let alone accountability . . .
I have not followed this case very closely, but, man oh man, the government must have really pissed off this judge. He went right up to the line, practically telling the government to go to hell. I especially like his cite of Obama’s FOIA memo in the footnote.
To be fair, they let Vitter negotiate that one for them and they thought they were going to be a whole different appendage.
BTW – does DOJ flat out say that giving up the names will demonstrate who participated in the program? Bc that seems like spec to me – from a legal v practical standpoint.
Here’s what they say:
Imagine how far one could take this analogy. All contractors – Blackwater/Xe, KBR, IBM – to whom the Cheney/Bush regime outsourced government work would be extensions of the executive branch, and their communications would be protected from disclosure. Accused felons “helping police with their enquiries” might be regarded as having similar and non-conflicting interests. Poof goes the Fifth Amendment.
Pre-Bush, these would be absurd fantasies. Post-Bush, in an era where legislation de-funding ACORN threatens to de-fund all government contractors, it’s no longer fantastic.
My, what a wonderful cloth this constitutional scholar-led presidency is unweaving.
I can’t find it now, but I recall Blackwater making exactly that kind of argument in trying to claim immunity for their work in Iraq. “You can’t sue us, because we’re working as agents of the government, and the government can’t be sued for this.”
One of the underlying interesting aspects of the fight is that White has ruled they improperly invoked Exemption 6 to hide the telecom execs IDs, even while the govt is ALSO saying that merits an Exemption 3 on sources and methods.
Well, the CIA belatedly (meaning, the second Vaughn Index) invoked Exemption 6 to protect Mitchell and Jessen in its torture docs in NY. Obviously, Hellerstein has ruled in their favor on that one.
So while I think EFF doesn’t get the telecom execs names in any case, that does mean there is a conflict in those two rulings.
I can’t imagine how a ‘literalist’ ‘plain reading’ of the Constitution could arrive at the conclusion that gov’t and non-gov’t bodies are one and the same. But then, this same Supreme Court has to also decide if a Corporation is a Person (specifically a citizen of the U.S.A.) and I have little faith they’ll get that right.
We need these issues to come to a head, and that makes many people nervous. But, we also need one of two conclusions: that the Court decides correctly or it decides incorrectly and those who got it wrong should be removed.
Several cases are on the way and there may be one or two more yet to appear. Cross your fingers ’cause it’s going to be a bumpy (and very slow) ride.
could permit inferences
Sounds pretty spec to me. I guess looking at which members of Congress voted for the legislation could permit inferences of conspiracy to obstruct, but you need a bit more than “could permit inferences” I would think. Thanks for pulling up the language.
Well, also keep in mind that although the email providers trade group opposed immunity, it would be rather telling if, say Cisco showed up or something.
It would be – maybe you could start a Church of the Inferentialists and become an agency of Gov too? *g*
This to my mind is one of the salient points.
The names of the Telcos lobbying for immunity is a red herring. These are known by dint of the limited number of Telcos that actually exist that could provide the required government snooping, and it ain’t gonna be Beaver Butt Telecommunications serving all of 10 folks in upper International Falls, Minnesota.
No, the real scoop will be the names of the email providers who have for the most part (an exception being at this blog) escaped any scrutiny for the bulk provisioning of the Federal government’s data mining email databases.
And no EW, Cisco is a network router provider, not an email provider, so they’ll not be on the lobbying list.
Folks like Comcast, Google (Gmail), Yahoo, and Microsoft (Hotmail) are the ones shitting their britches.
Well, again, the email providers were the ones who OPPOSED immunity, presumably bc they fought disclosure but someone took their signal in transit.
Which is why I said Cisco–someone like that would be an interesting surprise.
Cisco is an Internet traffic provider by dint of their routing technology (all traffic flows through routers), so I’ll grant you their name could be on the list, but they’re not, per se, an email provider themselves except that email traffic is a subset of the Internet traffic that flows through their routers.
And I’d also like to highlight why the names of email providers is so important (at least to me and many other Emptywheel denizens).
The Telcos carry all kinds of traffic across their networks. Voice and Internet traffic are the ones most people understand.
However, Voice traffic, if it was being scooped up for the Federal government (and some likely was), would generally consist of only who called whom.
But importantly, it would generally not be the actual content of the Voice traffic.
In the case of Internet traffic, and in particular, Email, that would consist of both the sender and receiver(s) identification, as well as the content of the email!
If you were a NSA snoop, what would you rather have?
Just the fact that John contacted Joe, or the fact that John contacted Joe and discussed learning how to fly 747 Jumbos but didn’t care about learning how to land them?
Content trumps connections!
All along it has been universal TradMed conventional wisdom that the Bush/Cheney regime’s TSP was illegally “wiretapping” and that they were “listening” to folks’ telephone conversations.
I’m sure that some of that actually occurred, but the majority take of the NSA illegal snooping was the email, website and blog traffic.
And it was the content, not merely the connections, that was the priority!
I understand the difference.
Here’s the puzzle.
We know the email providers were OPPOSED to immunity. Opposed.
We know that the big secret here–as you’re pointing out–is that the govt got the emails.
That says the email providers did not cooperate in such a way that they will get in trouble AND that they would be happy to have someone who DID cooperate be exposed. Now it might JUST be the telecomms they’re after. But if there’s a secret company–aside from companies like Narus–who might that company be?
Excellent points!
In response, let me draw some pictures. *g*
First, I do agree that the email providers trade group opposed immunity. One could reasonably make an assumption that the individual email providers themselves held the same view, but that assumption may not be true. We’ll see, or at least, I hope we’ll see. *g*
But back to my drawing a picture or two. *g*
I find the idea of a network router provider like Cisco being a part of the illegal TSP vacumm cleaner “technically” difficult. The reason is the way that the Internet actually works. From Wiki:
Another way to draw this picture *g*, is to think of a “matrix” with dozens and dozens of “endpoints”, all of which are interconnected.
Draw yourself a picture with a dozen different “endpoints” and then draw at least two lines from each “endpoint” connected to another different “endpoint”.
Now consider a blog comment of the length of this one. Let’s say 200 words. Since my commentary of “200 words” won’t fit in a single Internet packet, it gets put into multiple Internet packets.
And those multiple Internet packets are routed across the Internet “independent” of each other. In other words, part of my commentary (packets) may travel from St. Paul to Chicago to New York to Dallas (or wherever the FDL servers now reside).
Another part of my commentary (packets) may travel from St. Paul to San Francisco to Denver to Dallas (again to the final destination where the FDL servers now reside).
My point is that individual packets are routed individually across the Internet, and that each packet may take a totally different path to get to the final destination.
At the final router destination, the packets are reassembled together to form that total 200 word comment.
And this highlights the technical problem with using those Cisco network routers as the vacuum cleaner nozzle for capturing Internet traffic.
In order for that scheme to work, one would have to tap each and every single Cisco network router (or other vendors’ network routers) on the entire worldwide Internet network in order to ensure the reassemblage of any individual email message, website or blog commentary, etc.
I’m not saying that I’ve thought through just exactly how the NSA & Co. did in fact accomplish their technical task of vacuuming up Internet traffic, but the network router scenario doesn’t seem to be a real feasible method.
I’m not wedded to Cisco per se. But I’m asking you, the geek, where else the surprise company may be. Suffice it to say I mostly doubt that the trade org would OPPOSE immunity–as opposed to simply not take a position–if its large members were split on such a position.
You have asked the EXACT QUESTION!
The packet IDs are exactly what get aggregated back into one coherent message and it’s at the SWITCH level! They have to suck up the entire switch volume of packet messages to get the traffic they want to isolate. Same problem, same cure for both voice (over IP) and data.
Routers only rout. Switches “assemble.”
Yeah, but guys: Basically all internet traffic hits the backbone at some point. Access to the backbone is via a manageable number of very powerful routers, usually by Cisco. Those routers are just screenless special purpose computers, so they can be reprogrammed, and in fact Cisco issues software updates all the time. So, if Cisco reprogrammed the backbone routers to silently siphon off a split of all of their traffic and send it to NSA HQ, it would be totally undetectable by us.
So don’t count Cisco out. In fact the info they’re involved would indeed be a huge sources & methods clue.
Also, I don’t understand why the assumption mass phone traffic content is not being, or necessarily cannot be, recorded, since a few days ago we did the math here and it’s really no longer out of the question at all from a storage perspective.
At least with respect to the Hepting vs ATT case, Mark Klein’s documentation (22 page PDF) shows the Narus capture connection at the fiber cable “circuit” level rather than having to fuss around with anything on a Cisco router.
As I understand it, the Narus box with its ultra highspeed comm adapter simply splits off a full copy of the light passing through the fiber cable and therefore gets the entirety of all the digital data flowing through that fiber cable pipe.
If there is any actual re-assembly at the carrier network level for internet packets, then that is news to me. For non-voice IP internet traffic, message “reassembly” according to the packet sequence number in the packet happens within the IP stack of the destination device, i.e inside your PC. (Actually this is only true for TCP/IP where a single message can span multiple packets, not UDP/IP where every packet is a separate self contained “datagram”, though both use and depend on the IP stack to use the packet sequence number to get the received packets back into the correct order.)
Since my last comment was getting way too long (database connection errors indicated so *g*), I thought I’d address this part of your comment here.
I’m still leaning toward actual email providers like Comcast, Google with Gmail, Microsoft with Hotmail, etc. having participated, and here’s my explanation as to why.
In my comment at # 37, I explained why I think the network router as “vacuum cleaner” nexus doesn’t really technically work from a feasibility perspective. That same logic also applies to simply leeching everything directly from Telco network “pipes”. You’d have to have every single pipe covered in order to do the packet reassembly.
On the other hand, actual email providers are an excellent technical “endpoint” for provisioning the NSA illegal vacuum cleaner. At least with US-based corporations providing email.
All the email they provide ends up residing on their servers. Stuff that’s sent, and stuff that’s received. No worry about reassembly because it’s not represented at a packet level but at a message level.
Where my scenario starts crumbling is where a terrorist uses, for example, an email provider like “Dubai Freemail” to contact another colleague who uses “Chechnya Almostfreemail”, and neither of these email providers are US-based corporations nor are their servers physically within the US.
But that aspect of the NSA’s work is neither against US law nor germane to the illegal domestic operations that are at issue.
I’m guessing that the NSA illegal vacuum cleaner efforts were multi-faceted and across a wide spectrum of provider technologies because otherwise, they simply were too many tributaries that would get overlooked, and hence, significant Internet traffic that got missed.
In the end, I find it doubtful that they could monitor/capture it all. The Internet is just too big, and a good part of it is outside the US and the US’s ability to successfully covertly penetrate.
So does that anwer your question? No, and I admit I can’t grok the sum total. We’re still in the dark and not sure which part of the elephant we’re touching. *g*
Nope, still doesn’t answer my question, nor does it account for what I understand Narus to be able to do.
The email providers’ trade group was opposed to immunity. Not neutral, not silent, but opposed. So while I know and understand everything you’re saying–and David Kris has said that the problem is that the servers for the biggest freebies, Hotmail and Yahoo, are in the US and if that’s the legal problem then it would suggest the email providers cooperated–none of that plausibly explains why they would oppose, pay money to their trade group to oppose, immunity.
Two things to keep in mind though. This was data mining and then wiretap, the latter possibly as a quasi legal tap on overseas communication. So there are two potential points of cooperation, and at the data mining level we have reason to believe they were just working with meta data.
Yeah, I know I still haven’t answered why the email provider trade group opposed immunity.
Frankly, I don’t have an answer for you. *g*
I still maintain that email provider complicity is a good bet though. *g*
Well, what if they were complicit in the tap side–turning over targeted emails. But they weren’t complicit in the data mining side–the selection of which emails the govt wanted? Wouldn’t it piss of the email providers if the govt repeatedly came to them and said “we want these emails,” having selected them based on meta data accessed outside of the servers to make it closer to legal (bc at that point you can claim it’s foreign to foreign).
More good points!
I started thinking about coming at this issue from another perspective (not finished thinking it through just yet so caveat emptor *g*).
As we all well know, IANAL, but here goes anyway. *g*
The email providers opposed immunity because they didn’t believe they were acting criminally and had no need for the tarred brush of “immunity”.
I seem to remember that there is no expectation of privacy with emails — the Stored Communications Act component of the Electronic Privacy Communications Act – per Wiki:
(My Bold)
So with your “targeted emails” and “data-mining” points, let me stretch those to something like this:
“Hey email provider, here’s a rolling 2703(d) order. Gimme all of your emails that have been opened. I’ll be back next week for the next batch ad infinitum. And don’t fookin’ tell no one!”
Sorry, what does remote computing service mean here? Isn’t that as distinct from a server? Wouldn’t that support that it is easier to get email when it’s not in a server?
Sorry, I forgot to include the link to the Wiki article on the Stored Communications Act.
Basically, it says that there are 2 types of “Stored Communications”:
Emails that have been opened and then “kept” by the user are therefore considered “stored” stuff under the 2nd type of online service – remote computing services and have a far lower legal acquisition threshold.
(Just piling on with an illustration:) Most email client programs have a setting to control how long to leave your fetched emails on the server before deleting them. For example, in Apple Mail’s Preferences dialog, this setting appears under Accounts, in the Advanced tab. Sounds like ‘opened’ in the statute means ‘fetched’ in regular-folks lingo, in which case the period between fetch and delete would be when your emails on the server would be legally vulnerable.
Bingo.
This is what they’re doing. It shows up in David Kris’ writing (back when he was a private citizen and trying to figure out what they had done). I’m not sure exactly what it means, yet, but this is what they’ve done.
Okay, this is undoubtedly overly simplistic, and thus why I usually leave this stuff to you guys, but if the surveillance blood was being siphoned off the main line, what would the email providers have to be worried about? Wouldn’t the real illegal part have been the getting of the actual content at the mainline, which the email providers didn’t participate in?
I could have this totally misinterpreted, but that indicates to me a shift in methods over time.
Actually one thing (besides the email message headers and/or email content) that they could get most easily at the email providers would be the times/dates when email was checked. And I suppose the IP address(es) from which the customer was doing the checking.
I do agree with your main point. A couple of things come to mind.
If the NSA was, as is suspected, monitoring and capturing all “foreign to domestic” Internet traffic at these limited number of entry points to the US, then they’d get all the email that Abdullah from Pakistan was sending to Zazi in Denver.
And no email provider would be the wiser, nor would they be complicit in any illegality.
What they wouldn’t be getting was the emails Zazi in Denver was sending to Joe in New York.
And they’d want those emails because of the “community of interest” data mining mindset.
Nevermind the fact that Joe in New York was only Zazi’s bowling league captain.
And that is where the email providers get pulled into providing a wider and wider range of emails based on nothing more than “x degrees of separation”.
And based on that Stored Communications Act, one could well imagine the email providers providing continual bulk deliveries of emails with very broadly interpreted 2703(d) orders with indefinitely delayed notice.
Again, I just guessing here, but that the email providers were contemptuous of needing immunity and felt that they were/are acting under cover of the law.
Just the backbone onramps.
Yes and no. *g*
Every onramp/offramp. Not everything traverses the “backbone”.
Secondly, what is the “backbone” anymore?
I used to view it as any router-to-router connection, but that is far too simple these days. The almost exponential build-out of fiber has made defining the “backbone” damn tough, and perhaps even obselete.
P2P systems like Napster blew that “backbone” concept apart and that was almost 10 years ago now.
And then you add in networking like WiFi and MiFi…
So I’m back to saying that the feasibility of monitoring all the traversable connections, even just domestically, is probably already beyond the scope of even the NSA.
Don’t think backbone is dead really. Couple things.
First, it’s not all a million strands of hair going off in wildly different directions. There are patterns, major arteries, nerve bundles, etc. See just one of the many visualizations that have been done, http://upload.wikimedia.org/wi….._1024.jpg.
Importantly, there are direct interconnects between major carriers which could be seen as choke points, or potential choke points, see http://en.wikipedia.org/wiki/I…..nge_point. This is a major class of backbone onramp.
Also if routers really have been, or can be, reprogrammed to favor some upstream connections over others then the number of chokepoints could be reduced further still.
Hmmm
Can you say more about what this means?
I’m thinking in terms of the way they used 215 and then changed the pen register so they could get the IDs of the people picked up, not just “the numbers” (admitting that they’re also talking about emails so IPs). There was a very redacted passage explaining what by using 215 and later the new pen register, they could get the “numbers” of the carrier. But is there a way they could get it all?
Here’s another thing. In one of the examples where FBI didn’t get its 215, the agent said she got it off of public databases. That could be IP lookup. So if you’re an FBI agent and want to know who owns an IP address, where do you go, if you’re using a 215 order or now pen register?
On the ISP direct connections, see the IXPs described in the wiki page I linked @58, it’s well explained there; also the list @63.
On the pen registers thing, there are basically two ways to get from an IP address to a subscriber identity. If the subscriber has fixed-IP-address service then it’s a simple look-up in the ISP records. If it’s a dynamic-ISP account then the ISP has more work to do, they have to look inside their machine(s) that assign the IP addresses and see what subscriber had that IP address at the time that packet was transmitted. So if dynamic they need specific time and date in addition to the IP address.
Now, if some agency somewhere has been hoovering internet traffic for a while, and a previous transmission known to have come from the subscriber is found — and if that subscriber has fixed-IP-addr service — then the two can be matched to ID the subscriber based on having just the IP addr. But this doesn’t work for dynamic IP addresses, or rather it again takes more work on the ISP’s part to go find out what IP addr the subscriber had, both at the time of the old packet, and at the time of the new packet.
Not sure the existence of the IXP’s helps any with understanding the IP addr thing.
HTH.
Oh, on the IXP’s if you’re asking what I meant by chokepoints, just that there are relatively few of these interconnection points, and most (per MD) or all (per me) of the internet traffic passes through them, so that’s where you want to put your taps.
Piece of cake! There is tons of little software programs that can give you this info.
For example, I use something called SmartWhois. This is what it gives me for FDL:
Every IP packet has both a source and a destination, both of which are exactly the same kind of IP address. What you just showed only works for the domain/server side of the equation, not the particular ISP subscriber on the other end, like an investigation subject would be. In my @66 I describe the harder steps it takes to find the individual under investigation, not the server as you’ve shown.
For anyone following along, please see ’source address’ and ‘destination address’ in this diagram.
Interesting list of the IXPs in the US (linked from that wiki page):
So where does this all leave us?
One way to go would be to ignore the “domestic to domestic” scenario (mighty fookin’ complicated *g*) and focus on the “foreign to domestic” scenario.
It is my understanding (and I may be wrong; won’t be the first time *g*), but I seem to recall that there are only a limited number of “foreign to domestic” network entry sites in the US. I believe that former AT&T technician Mark Klein made this point (and I wish he was here right now *g*).
Those limited “foreign to domestic” network entry sites would more easily lend themselves to the Narus-type technology for scanning and capturing “foreign to domestic” communications for any terrorist-related stuff.
And if all “foreign to domestic” packets had to enter the US through these limited network entry sites, the reassembly of those packets would be a far easier task than that of monitoring and capturing all “domestic to domestic” Internet packets.
The legal issue is still the fact that the vast majority of such monitored and captured Internet traffic would be totally innocent communications, and many in fact would be traffic that was between US citizens.
If I had to guess, I would think that what took place (and is likely still taking place), is a number of different monitoring and capturing programs targeted at different aspects of the Internet.
Such as all “foreign to domestic” Internet communications are monitored and likely captured. Such as all email provided by US-based companies such as Google and Microsoft are scanned for terroristic content and perhaps retained under government direction if not on government repositories.
This isn’t so hard. Not saying every pipe is covered but as a practical matter its not so hard. Those router makers provide special access for that sort of stuff (too tired to find the Cisco reference link, but I’ve worked where it was actively used for a software development purpose).
————————————-
I suspect the usurpation of ancillary actors goes back to an assumption of an authority to act with war powers. The AUMF has truly bitten us on the butt. And frankly, BHO is basically stuck defending this crap.
What criteria have to be met for that AUMF to be null & void? Would it be objective measures or would the law have to be repealed?
In response to both you and Hmmm at # 58, take a good look at that map Hmmm linked to (tis here).
Now locate a “backbone”. Good luck! *g*
Now try to monitor all the traffic flowing on all those major pipe pathways. Even better luck! *g*
I’m not saying it is impossible. I’m saying that it is infeasible. Big difference. *g*
I think I’m going to stick with my point of monitoring/capturing traffic at those limited number of “foreign to domestic” points here in the US. That seems both more relevant to the NSA illegal surveillance and more feasible.
I understand your technical point and appreciate your skepticism. However, the diagram is already very heavily radial in topography. Reprogram the lower-level routers to use only the tapped upstream paths and it gets real easy real fast. Hence the central potential role of Cisco.
Understand.
Now which of those points are the easily (and disposable) email/chat account entry points?
yahoo
gmail
msn/hotmail
AIM
….
Maybe thats all a red herring since being at war means you can ask for the data at the vendors. Looking for a lawyer here to explain to me the precedent for not considering war-time negotiations for contractors privileged. I don’t believe it should be, but I don’t know the precedence.
Also, if you zoom in on the inset on the lower right corner, doesn’t seem so daunting after all.
Yep. For the vast majority of nodes, there are many more downstream connections than there are upstream connections. That’s the Achilles’ Heel.
I’m reading the motion now – what whiney drafters.
I kinda like this
So is DOJ going to go with the admission that their intervention might have *permitted an inference* that those telecoms were involved in the program? Are they going to file criminal charges against the lawyers who intervened and thereby disclosed all those sources and methods, by, ya know, having people speculate over why they intervened?
What skizzed right by me until now that I am reading this is that the EFF requests are to get docs from, among others:
So this gets even better. They aren’t just talking about exchanges between telecoms and political operatives like a Rove, they are talking about exchanges between the Dept of Justice and potential defendants against criminal charges. Potential felons lobbying DOJ to draft legislation to give them immunity. Gee Men Ee. And OLC – wth are they doing in contact with OLC? Lobbying for the opinions? I’ve said it before, but one thing OLC has advertised itself as being prohibited from doing, over and over, is giving advice to non-gov.
In any event, this is even more mind boggling to me now. DOJ is saying that, when guys looking at massive felony charges show up to de facto the buy off the prosecutors, they become “agencies” of gov. If Gov decides to “align with” felons, then the criminals become gov agencies and the prosecutors become their defense counsel.
Also, I haven’t seen all the underlying pleadings, but when Gov says:
it leaves me wondering about the who, what, when, where, why and how of those contentions. “the agencies” is pretty damn evasive and almost sounds like an effort to exculpate DOJ that is filing this brief, excep that, the DOJ that is filing this brief is the umbrella of most of “the agencies” who are supposed to be responding. So did someone with DOJ file a declaration or provide a brief to the effect that the agencies had actually consideredthe context of their communications with telecoms way back before those were starting or at least early on, and had decided that the telecoms were a Gov agency? WTH has OLC been doing?
To get to EW’s point on things that might not make it out – there is an issue on some info that appears to be actually inter-agency and intra-agency, although it looks like a lot of those end up getting replicated, lifted in part, referenced, duplicated, etc. in things exchanged with the telecoms, so if there is proper privilege there, you have to wonder when it gets destroyed. Still, I can see this being an issue on appeal.
I’m not sure, though, how discussions to obstruct the application of criminal statutes to co-conspirators and co-criminals between DOJ and WH and DOJ divisions is necessarily the sort of stuff for which there is a proper privilege. Interesting.
Nice to see an effort to generate case law under the all writs act too.
And it’s so nice to see Gov arguing that dammit, there should be a right to “meaningful review” before something irreversible happens. (Like torture, maybe? Nah, like embarassing a telecom over their massive FISA felonies)
BTW – did I miss the place where DOJ managed to get itself established as a religion?
p.14 or have one or more churches also been made “agencies” of Gov?
Bush outsourced virtually everything else, why not this?
More seriously, what we might find is back-to-back, letter of credit or daisy-chain like arrangements. The OLC’s opinions were necessary elements, but could be directed to and benefit only executive branch players. They were only the first or second of multiple tiers. The privates got antsy, because those OLC opinions had to be specific enough and issued to the right people so that they would adequately protect their intended, private company beneficiaries down stream. Which led to direct communications between those intended beneficiaries and the OLC. If you were a Fortune 100 general counsel, would you trust ‘Fredo to get the right letter out of the OLC?
The communications themselves, as well as their subject matter, might well be inappropriate or highly objectionable. Hence, this continuing major effort to keep the info. secret.
As related to this post’s topic, folks might want to take a good read of this article by James Bamford today in the New York Review of Books:
Utah and Texas huh? I wonder who Hatched this Bushie scheme to have all that information at their fingertips?
They might not have read/heard it all when it was collected, but by golly they’ll be able to research it to find friends & foes and financial opportunities and ways to blackmail. Sounds like fun.
This is NOT good.
I had read about some community issues with the San Antonio site maybe a month or so ago, but the James Bamford article today added a far greated depth to understanding what is actually taking place at these sites.
And you’re right; no good at all!
Linky??
Ah, it was way back at my # 27. But tis here again.
Here’s what the 9th said:
Staking bmaz outside has paid off dividends for us all !
On the one hand, such ruling by the 9th consistent the DoJ to adhere to a history in the hundreds of years, extending back to the aulde country & from there through much of the reach of the former Brit Empire, whereby the losing side is to seek a stay pending appeal from the judge it lost in front of, because that judge is in a better position to reflect on the seriousness of the subject matter that will be involved in the appeal –
– which, on the other hand, is why so often attorneys for the losing side try to circumvent the historically approved route [and get away with it often enough & otherwise with no to minimal consequences], deliberately or out of ignorance [sometimes genuine ignorance–which I’m not sure makes it any better].
So I wouldn’t be inclined to read too much into such denial per se — normally.
The problem for the feds side here is, as several here have urged [maddog mainly? anyway, I agree], this ruling is really not open to appeal & the feds’ briefs are just as short of rocket science as they appear. I think I appreciate the thrust of fearless leader’s speculations on the feds possibly obtaining some success in drawing back in some documents from the effect of the order from Oct 7 on the basis of where Judge White drew lines;
but the Circuit Courts, in my experience, have to be pretty strongly motivated to get into the kinds of line-drawing review exercises that SCOTUS & precedent keep saying is not their job [aside from cheap shots during blatant political exercises, as we saw recently with the firefighters’ case].
Watching the game and very distracted, but this caught my eye.
Does this mean they did spy on the tribes?
I say this because I know some of the people who may have been spyed on
PS Go Twins!!! Defeat the Evil Empire
Regarding Cisco possibilities, have you forgotten John Piondexter and Total Information Awareness? I think the pertinent acronym is GENISYS; “ultra-large, all-source information repositories”, which would use routers to collect Internet traffic. Hmmm?
Tried to find the post where in comments we did the math on full phone call content collection and storage… but if it hasn’t been removed, then it seems I am unable to find it any more.
Coming at this from a different angle, Nomi Prins’ essential “Other People’s Money” has an extensive section on the financial fraud and related shenanigans that occurred in telecom from the mid-1990s onward.
One particular horror was Global Crossings, headquartered in the Bermudas in order to avoid paying US taxes. It engaged in massive ‘capacity swapping’ (which is somewhat like the futures trades that occurred with Enron, only on ‘future fiber optic’, if that makes sense).
We forget that mid-2001 brought telecom bankruptcies:
Winstar Cmu $4,980,000,000,000 in April 2001;
PSInet $4,500,000,000,000 in May 2001;
360networks $5,600,000,000,000 in June 2001
Meanwhile, Global Crossing was booking 1,000,000,000,000 in ‘revenue’ from IRU capacity swaps, selling off assets, and not paying vendors.
It was selling future capacity that it did not own and could not service.
28 Jan 2002, Global Crossing became the fourth largest US bankruptcy in US history. (WorldCom superceded it by July 2002.)
Its investors included the Texas Teachers fund and other pension funds.
Interesting nugget: in April 1998, George W Bush had been invited to speak to Global Crossings international conference in Tokyo. His $80,000 fee was ‘paid’ with 100,000 pre-IPO shares of Global Crossing stock, which he sold in 1999 and 2000 for about $4,500,000.
In 1998, private Global Crossing was taken public via an IPO for which Merrill Lynch and Salomon Bros each received $30,000,000.
According to the phenomenally detailed Prins, telecoms comprised more than 25% of the $15,000,000,000 fees raked in by Wall Street during the 1990s.
Remember that telecom was deregulated in 1996.
Recall that by 2002, Bernie Ebbers had extracted something like $77,000,000 in ‘compensation’ from WorldCom, which was cutting whatever deals it could during the first Bush-Cheney years.
I’m not commenting to diminish anything written on this thread up to this point; however, there is a critical piece that is not technical. It is social-economic.
Given the absolutely lunacy of the accounting practices, bullshit deals, and bogus future promises among some of these telecoms in the late 1990s-early 2000s, they were desperate for revenue and for government favors.
Were they lobbying Congress-WH-Military?
Hell, yes, they were.
If they lost those contracts, their books were going to melt down, and these companies were still fueling Wall Street’s bonuses. But they were in no condition financially to tell anyone like Cheney to take a flying f*ck.
If you read a bit about the financials and the deal making, they were probably going to do anything the government hinted they’d like done. And then they were going to lobby for more contracts as fast as they could, while counting on the government to pay their bills.
Excellent points!
This is exactly what I have been saying all along about Qwest and Nacchio. The scuttlebutt around the courthouse halls among defense attorneys has long been that Nacchio was not telling the Bushies that he wouldn’t play ball, but rather that he was holding out for bigger contracts and money that he desperately needed to cover his overheated books. They called his bluff and fucked him, but he was guilty. That is why I have never considered him quite the hero many have and have cautioned against that view.
Also recall the EO that lets corps lie to the SEC about their financials if faked financials are needed to prevent disclosure of NS operations. I would posit we haven’t the slightest idea what the financial health of any of the big telecoms is, insofar as they are running ten kinds of spying operations and getting paid for them, with both the costs and the income for all that totally off the books. When you look at the share of the US economy that those companies represent, that’s frickin’ scary.
I guess the bright side is that we also don’t know what the share of the also unknown NSA budget is going to pay for all of that. Oh wait, that’s not actually a bright side, is it?
Oh, I think we can safely assume that the neoFeudalists have the costs and income on the books… in Bermuda, or Taiwan, or other handy tax havens.
But Hmmmm… I had completely forgotten that EO you mention (!).
Wow, things make more creepy sense.
And bmaz, I never really understood your point about Nacchio, but I’m unlikely to forget it after re-reading Prins’ section on the telecom financials.
And can I simply just leave one more scornful expression of my utter contempt that GWBush ended up with $4.5 million for a single goddamn speech in Tokyo? (It does make one wonder whether Kissinger & Assoc. booked him, does it not?)
So wonder whether any of this fiber optic, over-sold, bullshit ‘revenue’ crap was involved in any of the ‘aspens turning‘ that Scooter Libby wrote about to Judy-Judy?
Because this shit sure is ‘connected at the roots‘: financial, technical. Illegal as hell, but all connected.
My point about Nacchio is simply that he is not the principled hero that many people seem to hold him out to be. It has been a while since he came up, but there would always be numerous people taking the position that Nacchio was admirable and principled because he didn’t participate in the Bush program because he thought it illegal and think he was wrongfully prosecuted in retaliation for it. What I have consistently maintained, based on certain things I have heard, is that the real story is that was his cover story and he really was more than willing to participate, he just wanted a better deal and he was desperate for that better deal to cover his books. And his books were bad and it was a legitimate prosecution of him (although it is highly doubtful they would have prosecuted had he played ball).
Fair enough, but if everyone’s books were bad, then why was Nacchio being prosecuted when the egregious Bernie Ebbers and the other telecom looters weren’t being sued?
That, on the surface, simply doesn’t make sense.
Unless it has something to do with his location: Denver.
Related to the Air Force installations there? Or in Utah? Or where…?
Because otherwise, given the amount of looting, of basically booking ‘future transmissions and capacity’ that appears to have been in full swarm, the prosecution of Nacchio — and him alone! — just does not make sense from the peanut gallery where I sit.
They did prosecute Ebbers.
Yeah, sorry about the error (was typing too fast… grrr). But Ebbers prosecution was more about $$; it didn’t seem the same as the charges against Nacchio, IIRC.
Netmaker and b4real, thank you both!
The technical charges against Ebbers and Nacchio were different, but both emanated out of securities fraud, false financial statements and insider trading. Both were “about the money”.
Okey dokey. Got it.
Thanks for the explanation!
And further, W(here)TF did this come from?
True? True? Bueler?
And for those who saw EW’s update of this:
Here’s the latest from EFF:
Dang – sorry I was duplicative – I should have read through first. What labdancer said at 36. Procedurally, you don’t skip asking the court you lost in front of to to stay it’s order as the first step – then if they turn you down on the stay, you can ask the Circuit ct, but usually not before.
For you: Two Guantanamo Bay Detainees Sent to Belgium, Kuwait (Update4)
It’s astonishing to think that this justice department, which ultimately reports to Barack Obama, who used to be a lecturer in constitutional law at the University of Chicago, would write and maintain such ignorantly unconsitutional positions. WTF?
FYI:
NarusInsight
“System Specification & Capabilities
Some features of NarusInsight include:[4]
* Scalability to support surveillance of large, complex IP networks (such as the Internet)
* High-speed Packet processing performance, which enables it to sift through the vast quantities of information that travel over the Internet.
* Normalization, Correlation, Aggregation and Analysis provide a model of user, element, protocol, application and network behaviors, in real-time. That is it can track individual users, monitor which applications they are using (e.g. web browsers, instant messaging applications, email) and what they are doing with those applications (e.g. which web sites they have visited, what they have written in their emails/IM conversations), and see how users’ activities are connected to each other (e.g. compiling lists of people who visit a certain type of web site or use certain words or phrases in their emails).
* High reliability from data collection to data processing and analysis.
* NarusInsight’s functionality can be configured to feed a particular activity or IP service such as security, lawful intercept or even Skype detection and blocking.
* Compliance with CALEA and ETSI.
* Certified by Telecommunication Engineering Center(TEC) in India for Lawful Intercept and Monitoring Systems for ISPs
The intercepted data flows into NarusInsight Intercept Suite. This data is stored and analyzed for surveillance and forensic analysis purposes.
Other capabilities include playback of streaming media (i.e. VoIP), rendering of web pages, examination of e-mail and the ability to analyze the payload/attachments of e-mail or file transfer protocols. Narus partner products, such as Pen-Link, offer the ability to quickly analyze information collected by the Directed Analysis or Lawful Intercept modules.
A single NarusInsight machine can monitor traffic equal to the maximum capacity (10 Gbit/s) of around 39,000 DSL lines or 195,000 telephone modems. But, in practical terms, since individual internet connections are not continually filled to capacity, the 10 Gbit/s capacity of one NarusInsight installation enables it to monitor the combined traffic of several million broadband users.
According to a company press release, the latest version of NarusInsight Intercept Suite (NIS) is “the industry’s only network traffic intelligence system that supports real-time precision targeting, capturing and reconstruction of webmail traffic… including Google Gmail, MSN Hotmail, Yahoo! Mail, and Gawab Mail (English and Arabic versions).” [5]
It can also perform semantic analysis of the same traffic as it is happening, in other words analyze the content, meaning, structure and significance of this entire traffic, as it is happening. The exact use of this data is not fully documented, as the public is not authorized to see what types of activities and ideas are being watched for.”
I think it is very likely that they have been sweeping up all traffic, voice plus numbers/names and the contents of all emails.
Besides telcos and IXPs the list of possibly complicit suspects you would want to check would be cable companies, carrier hotel providers, data center providers and dark fiber providers (for example, natural gas pipeline owners and railroads).
The telcos have figured prominently to date because they are natural aggregation points for a lot of domestic traffic as well as for most international traffic. However, a substantial portion of domestic Internet and somewhat less voice traffic never hits the telcos networks. Specifically cable and corporate traffic that is either terminated at an IXP or directly in a data center. So these other actors would have to be considered in any scheme to succesfully monitor all or most domestic voice and internet traffic.
Regarding Cisco or some other provider of carrier class network equipment surreptitiously slipping in code to magically siphon off huge amounts of network traffic – it’s not going to happen.
For many practical reasons with respect to equipment sizing, network capacity, configuration management of the equipment and traffic management/monitoring of the equipment any attempt to siphon off large amounts of traffic through the back door either wouldn’t work at all or would be caught.
That is not to say that the equipment provider (Cisco/Juniper/…) could or would not be involved in such an effort but if they were, they would be actively working with whoever was managing the equipment.
Having said that, it would be possible for an equipment provider to put a back door in so that the government could direct a router to siphon off small amounts of traffic or even completely take over control of the router. If any signficant number of routers were being compromised and actively used then you might expect there to find some type of command/management infrastructure on the government side to facilitate this.
Regarding non-carrier (Google, Yahoo, Microsoft, GoDaddy…) e-mail providers being involved in handing over bulk e-mail for data mining purposes.
Their participation is not necessary. The government need only tap the communications links where these e-mail providers connect to the Internet. They would not need to tap all the backbone links in the country. Another possibility if they have the active assistance of the carriers would be to set the network routing to relay the e-mail providers traffic through the government monitoring equipment. This would be easier to implement than the taps but more likely to be detected.
The e-mail providers participation may not even be desireable as it could; (1) signficantly delay any filtering and processing of the e-mail traffic, (2) introduce the complexity of dealing with each provider’s data format rather than just dealing with the SMTP (Simple Mail Transport Protocol) format they would get by intercepting/taping the traffic and (3) un-necessarily increase the number of people that would be aware of the program.
Where this line of reasoning breaks down is when all the participants in an e-mail conversation are using the same e-mail provider. Accessing that traffic would require either tapping the client side communication (a much more difficult proposition than just tapping the inter-provider SMTP traffic) or the active cooperation of the e-mail provider with the government.
If the government really has gone to all the effort to tap domestic traffic then I wouldn’t expect it to stop with just voice and e-mail. Credit card and other financial transaction processing networks would be high on the list of targets.
Finally, regarding why the e-mail providers trade group would oppose immunity and telcos would actively work with the government. Think about the corporate history, cultures, work forces and customer relationships of telcos vs stand-alone e-mail providers (e-mailers).
Telcos have a much, much longer working relationship with the government, have large numbers of ex-military employees and have inherited mostly common corporate cultures, structures and practices from their Ma-Bell monopoly days. Telcos are highly regulated at the state and federal level, their equipment is designed to afford government access and telcos are conditioned to be responsive to government wiretap requests (think CALEA). Both telco customers and organizations have been conditioned by many decades of movies, television programming and news articles to accept that their phone calls may be monitored by individual wiretaps or swept up by a pervasive monitoring system like Echelon. In reality, telcos really are a captive agent of the government.
Non-telco e-mailers like Google, Yahoo and Microsoft have much different backgrounds. They don’t have long histories of working with the government, they have very different corporate cultures as compared to each other and as compared to the telcos. Their technical employee base comes not from the military but from academia making them willful and un-likely to be responsive to government spying requests or dictates.
E-mailers are practically un-regulated entities affording the government very little leverage in influencing their behaviour. E-mailers have relatively short corporate histories as compared to telcos and have come of age in a time when privacy concerns have become a significant driver of corporate behaviour.
When you think of popular references to people having their e-mail read it is more likely to be because their account was hacked than it would be of the government being given legitimate access. And in cases where the government is trying to gain access the e-mailers are more frequently portrayed as resisting that access by litigating against it and requiring court orders. We and the e-mailers have not (yet) been conditioned to allow the authorities un-fettered access to our e-mail. The backlash to e-mailers of being perceived as having been complicit in large scale government hoovering of our e-mail would be much worse than what the telcos have faced. And it is a lot easier to have new market competitors take away customers in the e-mailer world than it is in the telco world.
On a more venal note, e-mailers have an antagonistic, dependent relationship with the telcos and may just be taking a rare opportunity to stick it to them as usually it is the other way around.
-Netmaker
Good comment. And welcome; don’t believe I have seen you before, please participate often.
Thanks for an excellent comment. I second bmaz in hoping you’ll consider hanging around more and commenting.
Thanks for the reality check on Cisco-pushed router software updates; I agree there would likely have to be operator complicity to actually alter any routing patterns, insofar as carefully managing flows is kind of the definition of what the operators do.
As to the point about lawful intercept and backdoors, IMHO that bears repeating: Basically all telecom systems now have ‘lawful intercept’ capabilities that enable remote tapping. It is merely assumed by the manufacturer that none of that will be used unlawfully, there’s nothing in the gear that can tell the difference between a legal tap and an illegal tap. And if the manufacturer is under pressure from the USG to do so, it could buld the ‘lawful intercept’ functionality in such a way as to allow the remote operator to go as far as they want in siphoning off a copy of any number of streams of interest. And the latent ability to do that would be undetectable by the operator.
As regards the Narus boxes, I think we should keep in mind there may be multiple methods deployed out there. In other words it’s possible that Narus and hoovering are not coterminous. You could use Narus for specific known suspects, in real time, and also hoover much broader-band traffic for later analysis and contact-tracing. Or one IC agency could be using one method and another agency using the other, etc.