The NSA Review Group Ganders at Metadata
As you’ve no doubt heard, the NSA Review Group recommends real limits on the government’s access to metadata, preferring that it be left with the telecoms and only be retained 2 years, and also recommending a higher standard for accessing it.
Which is why I find this recommendation, to more closely watch high level security classification holders, so ironic.
The routine PCMP review would draw in data on an ongoing basis from commercially available data sources, such as on finances, court proceedings, and driving activity of the sort that is now available to credit scoring and auto insurance companies. Government-provided information might also be added to the data base, such as publicly available information about arrests and data about foreign travel now collected by Customs and Border Patrol.
Those with extremely high Access Scores might be asked to grant permission to the government for their review by a more intrusive Additional Monitoring Program, including random observation of the meta-data related to their personal, home telephone calls, e-mails, use of online social media, and web surfing. Auditing and verification of their Financial Disclosure Forms might also occur.
A data analytics program would be used to sift through the information provided by the Additional Monitoring Program on an ongoing basis to determine if there are correlations that indicate the advisability of some additional review.
It rationalizes this intrusiveness by pointing out that clearance jobs are privileges, not a right.
We recognize that such a program could be seen by some as an infringement on the privacy of federal employees and contractors who choose on a voluntary basis to work with highly sensitive information in order to defend our nation. But, employment in government jobs with access to special intelligence or special classified programs is not a right. Permission to occupy positions of great trust and responsibility is already granted with conditions, including degrees of loss of privacy.
And, apparently unlike the phone and Internet dragnet, it proposes to start with a pilot.
But I wonder if this metadata program would have the same problem the NSA’s dragnets do: they haven’t ever proven they work as planned.
Behavior has been the tip off in many cases over the years; spending beyond means, substance abuse (often alcohol), and inappropriate foreign contacts in particular. To the extent the proposal recommends routine screening for problem behaviors at high levels it may not be so bad.
Meta data analysis seems to have some success when chaining back through an individuals data. Which end of the telescope one looks through makes a difference.
The structural problem with the dragnet metadata is one of finding an ill-defined needle in a vastly huge haystack. But if you’re looking at metadata for those with access to classified information, you’ve shrunk the haystack to manageable size and likely have some notion of what the needle might look like. That’s no guarantee it will work, but it’s not an altogether stupid idea.
In return for a job with the government we may have to surrender our constitutional rights. Sounds like a fair trade.
this is simply an insane proposal – a gristly proposal to destroy worker’s privacy.
the only people who would accept this bargain are those who would trade theirpersonal secrets and privacy for money. folks who would do that are folks i would not want in my organization.
we are talking about human beings – proud, highly competent, and only very, very rarely inclined to betray (edward did not betray nsa, by the way).
that the nsa, or this foolish, timid commission supposed to have evaluated some nsa behaviors, would even consider abusive intrusions on employees like those suggested ( or currently being employed, post snowden) is a sign of the pathology of the social structure called “nsa” that does electronic spying.
it should be recognized and acknowledged that there is not a single bit of information the nsa has or will ever uncover that must remain secret for any but a brief time!!!
go on! name me some info that must be kept secret for years and years.
the structure of the nsa? i’ll bet it wad been worked out in adequate detail long before snowden.
spying techniques? want to bet those can be inferred by country x from tecniques country x also employs. remember, we are all the same humans; our minds run in similar channels.
who gets spied on? what technical capacities have been invented?
it needs to be said and solidly understood, that secrecy, other than short-term secrecy for surprise effect, is always for the benefit of the leaders of secret organizations and those benefitting from it financially or politically; it is never essential to the long-term mission and, in fact, as snowden’s disclosures are demonstrating, secrecy promotes folly, incompetence, waste of resorces, and danger to the society permitting it.
i would like to see cass sustein’s response were it revealed that his wife, obama advisor samantha powers, would have to repeatedly and frequently undergo such intrusive interrogation while hooked up to a lie detector (a known unreliable measuring instrument).
“have you discussed any part of your work with your husband since your were interviewed last month, dr. powers ? “
Since they’re now requiring clearances on jobs that don’t involve defense work at all, maybe they should rethink that policy first.
I’d never argue for over-classification, that we seem to have a lot of, or clearances for non-classified jobs. However, not all information is wrongly classified.
To work in the public or private sectors in a sensitive position, an employer is going to want to know something about the pig in a poke before they turn over the family jewels. As a citizen or stockholder I’d call that management doing due diligence in employment practices, not an abuse of privacy rights.
The clearance process is intrusive, and clearances expire. The re-clearance process is intrusive too. Clearance is initially looking to exclude several categories of people. One is people who are personally unreliable, evidenced by things like big debt and criminal or out of control behavior like alcohol/drug abuse. Another is behavior that makes someone vulnerable to blackmail. Those behaviors can lose their potential once disclosed to the employer. Re-clearance looks for those things plus stuff like spending beyond ones means. That may mean someone has developed an undisclosed source of income, think Aldrich Ames selling things to the Russians.
Clearance investigations long have included interviews with family, teachers, neighbors, former employers and financial disclosures. Amazingly, polygraphs are still part of the process.
I haven’t seen anything that indicated that Snowden would have tripped triggers in the clearance process. He came from a service family and worked his way up through a succession of classified positions. He was making good money, living moderately, wasn’t talking to people he should not have been, and acted alone.
One tradeoff is that workers have more due process protections in the public sector than private.
quote”We recognize that such a program could be seen by some as an infringement on the privacy of federal employees and contractors who choose on a voluntary basis to work with highly sensitive information in order to defend our nation. But, employment in government jobs with access to special intelligence or special classified programs is not a right. Permission to occupy positions of great trust and responsibility is already granted with conditions, including degrees of loss of privacy.”unquote
FANTASTIC! Well then, I guess EVERY Federal employee, and contractor with “high clearances” will get “special” surveillance. So, when can those in the Executive branch, the CIA, the Congress, FBI, DoD, DHS and every other stinking official in the entire USG who occupy positions of great trust and responsibility, expect to start receiving this special surveillance, hmmmmm? I can see Feinstein’s head exploding right about now.
Like many of the recommendations it isn’t anything really new. Under EO12333 the government can already do many of the things mentioned in the recommendation.
As it is 2.3(e)
(e) Information needed to protect foreign intelligence or counterintelligence sources or methods from unauthorized disclosure. Collection within the United States shall be undertaken by the FBI except that other agencies of the Intelligence Community may also collect such information concerning present or former employees, present or former intelligence agency contractors or their present or former employees, or applicants for any such employment or contracting;
and under 2.4(c)(1)
(c) Physical surveillance of a United States person in the United States by agencies other than the FBI, except for:
(1) Physical surveillance of present or former employees, present or former intelligence agency contractors or their present of former employees, or applicants for any such employment or contracting; and
(2) Physical surveillance of a military person employed by a nonintelligence element of a military service.
One other thing related to metadata and the recommendations in the report.
According to the FISC orders the government can only query the telephony metadata AFTER chaining has occurred and not against the raw metadata. The recommendations don’t mention chaining at all in this context. The only mention of chaining comes in the description of the query process which is not as it is described in the FISC documents. It actually describes the analyst taking steps to do the chains when in reality all call records are pre-chained all the way beyond 3 hops – it is only the systems that limit the data returned from the query to 3 hops.
I have something to add about one of the encryption recommendations but I will put that on your post on that.
From the Daily Beast’s Daniel Klaidman – Obama’s Panel on Domestic Spying Abuses Didn’t Pull Its Punches – http://www.thedailybeast.com/articles/2013/12/20/obama-s-panel-on-domestic-spying-abuses-didn-t-pull-its-punches.html
“Although the NSA has stoutly defended the metadata program in public, some of the review board members believe the agency many [sic] not put up a fight to keep it. In fact, two member of the board said that NSA Director Keith Alexander told them it would be something of a relief to give it up, with all of its burdensome requirements not to mention the lousy PR. “Alexander told us he’d be happy to give it up,” one of the board members told The Daily Beast.
And if the recommendation is adopted by Obama, the responsibilities of the program would likely move from the NSA to the FBI, which would then have to query to database directly. One panel source said that the FBI is already asking for a dedicated fiber-optic link that they could use to suck the data directly out of the carriers’ databases.”
Would any of these measures have caught Snowden?
No.
And that’s all that has to be said about them.