More NSA leaks: how the NSA bends the truth about spying on Americans while insisting it doesn't spy on Americans

The Guardian has published two more top-secret NSA memos, courtesy of whistleblower Edward Snowden. The memos are appendices to "Procedures used by NSA to target non-US persons" (1, 2), and they detail the systems the NSA uses to notionally adhere to the law that prohibits them from spying on Americans.

More importantly, they expose the "truth" behind NSA director James Clapper's assertion that "The statement that a single analyst can eavesdrop on domestic communications without proper legal authorization is incorrect and was not briefed to Congress." This turns out to be technically, narrowly true, but false in its implication, as Declan McCullagh explains on CNet:

Clapper's statement was viewed as a denial, but it wasn't. Today's disclosures reveal why: Because the Justice Department granted intelligence analysts "proper legal authorization" in advance through the Holder regulations.

"The DNI has a history of playing games with wording, using terms with carefully obscured meanings to leave an impression different from the truth," Kurt Opsahl, a senior staff attorney at the Electronic Frontier Foundation who has litigated domestic surveillance cases, told CNET earlier this week.

This is important in the context of McCullagh's earlier story about Rep. Jerrold Nadler allegedly saying that the NSA listens in on Americans' phone-calls, a statement he later denied. As the Guardian's publications make clear, the NSA operates under a baroque and carefully engineered set of guidelines that allow it to spy on Americans while insisting that it's not spying on Americans.

For example, as Glenn Greenwald writes:

However, alongside those provisions, the Fisa court-approved policies allow the NSA to:

• Keep data that could potentially contain details of US persons for up to five years;

• Retain and make use of "inadvertently acquired" domestic communications if they contain usable intelligence, information on criminal activity, threat of harm to people or property, are encrypted, or are believed to contain any information relevant to cybersecurity;

• Preserve "foreign intelligence information" contained within attorney-client communications;

• Access the content of communications gathered from "U.S. based machine[s]" or phone numbers in order to establish if targets are located in the US, for the purposes of ceasing further surveillance.

On Ars Technica, Dan Goodin goes further into the documents, showing how people who use encryption and proxies, such as Tor and PGP mail, are especially targeted for spying and data-retention, even when it is clear that the communications originate with, and are destined for, US persons:

While the documents make clear that data collection and interception must cease immediately once it's determined a target is within the US, they still provide analysts with a fair amount of leeway. And that leeway seems to work to the disadvantage of people who take steps to protect their Internet communications from prying eyes. For instance, a person whose physical location is unknown—which more often than not is the case when someone uses anonymity software from the Tor Project—"will not be treated as a United States person, unless such person can be positively identified as such, or the nature or circumstances of the person's communications give rise to a reasonable belief that such person is a United States person," the secret document stated.

And in the event that an intercepted communication is later deemed to be from a US person, the requirement to promptly destroy the material may be suspended in a variety of circumstances. Among the exceptions are "communications that are enciphered or reasonably believed to contain secret meaning, and sufficient duration may consist of any period of time during which encrypted material is subject to, or of use in, cryptanalysis."

Other conditions under which intercepted US communications may be retained include when it is "reasonably believed to contain evidence of a crime that has been, is being, or is about to be committed."

The document, dated July 28, 2009, bears the signature of US Attorney General Eric Holder.

And as Goodin notes, some of the heaviest users of PGP-encrypted email are lawyers handling confidential, privileged attorney-client communications, meaning that the US Attorney General is deliberately targeting privileged communications between US persons for extra surveillance and retention, an act of galling lawlessness.


  1. Yesterday, as I was driving, minding my own business, a passing police officer looked Directly At Me. My face, along with the approximate time and location are almost certainly now stored in his memory…

    There can truly be no privacy until all government officials are prohibited from observing innocent, law abiding citizens. They should only be allowed to observe convicted criminals.

    Yes, that’s absurd, but so is the notion that the world is a safe, secure little mountain dell, where we all take naps in between hugging sessions. Remember 9-11? That happened. The same sort of people are out there right now, praying for another shot at blowing up thousands of civilians. 

    It’s absolutely necessary to consider, and weigh,  the costs of security. It is absolutely foolish, however, to pretend that security is unnecessary, or that it can come at no cost. 

    1. I disagree.

      I could argue with you, I could shout at you, but I guess I’ll be never able to convince you that you misunderstood the concepts of freedom and of security. What a pity, this is the interwebz.

      However, please try to consider the implications of your current belief.

      And please consider the facts. Consider what we’ve learned from the leaks. Consider what you might have learned about checks and balances, about the political system of the US, and especially of other countries.
      Please, consider history. We can learn from it.

      1. Sadly, as Hegel wrote, “We learn from history that we never learn anything from history.”

    2.  So… that police officer that looked directly at you yesterday searched you, your web history, your physical and electronic mail, your computer and laptop, your telephone, your smart-phone, the contents of your house, the photo albums from your last trip to Europe? He touched your genitals and commanded you to undress? He questioned you for days, detained, without any contact with any kind of lawyer?

      NO?

      Fuck off, Sir!  

        1.  That police officer must have looked at VMJ with a /dehumanizing stare/. The police are super cereal about those.

    3. Hello and welcome to BoingBoing. We hope you stick around to share more of your beliefs, and that you didn’t come along for just this one little comment.

    4. It is absolutely foolish, however, to pretend that security is unnecessary

      Tell me, who is this mythical beast that thinks all forms of security are unnecessary?

      Did this beast come to you in a dream or did you conjure it up in your mind with your wild imagination?

      Remember 9-11?

      Yep, and other things too…

      http://www.fair.org/blog/2013/04/16/terror-returns-but-when-did-it-go-away/

      There can truly be no privacy until all government officials are prohibited from observing innocent, law abiding citizens. They should only be allowed to observe convicted criminals.

      Let me introduce you to the Fallacy Of Extension:

      http://www.don-lindsay-archive.org/skeptic/arguments.html#straw

      Remember 9-11? That happened. The same sort of people are out there right now, praying for another shot at blowing up thousands of civilians.

      This unconstitutional, suspicionless surveillance on innocent Americans isn’t about protection, it’s about money.

      http://www.washingtonsblog.com/2013/06/the-dirty-little-secret-about-nsa-spying-it-doesnt-work.html

      FTA:

      Daily Caller: So what are they doing with all of this information? If they can’t stop the Boston marathon bombing, what are they doing with it?

      Binney: Well again, they’re putting an extra burden on all of their analysts. It’s not something that’s going to help them; it’s something that’s burdensome. There are ways to do the analysis properly, but they don’t really want the solution because if they got it, they wouldn’t be able to keep demanding the money to solve it. I call it their business statement, “Keep the problems going so the money keeps flowing.” It’s all about contracts and money.

      How many of your civil rights are you willing to give up in the name of corruption and security theatre?

      Also, I’d like to quote another, brave American hero for you:

      ” … US officials also provide misleading or directly false assertions about the value of these programs, as they did just recently with the Zazi case, which court documents clearly show was not unveiled by PRISM.

      Journalists should ask a specific question: since these programs began operation shortly after September 11th, how many terrorist attacks were prevented SOLELY by information derived from this suspicionless surveillance that could not be gained via any other source? Then ask how many individual communications were ingested to achieve that, and ask yourself if it was worth it. Bathtub falls and police officers kill more Americans than terrorism, yet we’ve been asked to sacrifice our most sacred rights for fear of falling victim to it. … ”

      – Edward Snowden (former CIA/NSA, Booz Allen Hamilton/etc.)

    5. This is an article largely about how the NSA was allowed to justify lying to congress, the arm of government that is supposed to be a check on their powers.  It is not about pretending security doesn’t exist, it is about an organization being given billions of dollars to act without any kind of oversight or accountability.  We cannot expect any such organization to accomplish anything real or positive, security or otherwise.

    6. Liberty has a cost. It’s not worth giving some up for perceived security.  ever. If you think it’s ok, you deserve neither liberty nor security.

      And the real issue isn’t whether they’re looking at your private communications, it’s that they are storing them. In direct violation of the 4th amendment, they’re storing them. If you get pulled out of line trying to get on a plane for a “random” extra check, what’s to stop them from poring through your last five years of life? “I see in 2011 during a phone call with your cousin, you made a comment about harming the President.  Now you’re going to jail.”  Sure it’s hypothetical, but 5 years ago, so was storing all of our communications, wasn’t it?

      1. The real issue really is that they’re looking at your/our communications. They’ve worked hard to shift the Overton Window so that it no longer seems to be the real issue.

    7. The fact is that the US government kills more US citizens than the terrorists could ever hope to match. If we need security and protection from anything, it would be the US government. What is truly absurd is your defending the notion that committing a crime is the right way to go about securing our safety.

    8. Here’s a more apt analogy: Yesterday, as I was reading at home, the police broke in and ransacked my house because they saw that I had lowered my shades. The fact that I did not want everyone to know what I was doing in my house was suspicious, and they felt entitled to see for themselves.

  2. Of course, if you send an encrypted email then obviously you have something to hide, making you ipso facto suspicious.

    The clear endgame of this kind of warped institutional mentality is a tacit demand from the state that its subjects bare all, all the time.  “If you would just stop trying to keep things from us, we would stop watching you.”

    To paraphrase Milan Kundera, who knew a thing or two about the machinations of totalitarian regimes: The more secretive the state becomes, the more transparency it demands from its subjects.  

    Even if what the NSA is saying – and what they’re saying changes every day – is true (it’s only metadata, there’s proper oversight, because terrorists, blah blah blah), the ultimate goal of all this data collection and aggregation is to predict future behavior.  Which means that at some point the government will believe it knows what you are thinking.   

    Combine that with the fact that the state recently granted itself the right to detain you, an American citizen, indefinitely, without charges or due process.  Today it’s vindictive IRS audits (the Tea Party) and grandstanding federal DAs (Aaron Swartz).

    Tomorrow you just disappear.  

    But hey, nothing to hide, nothing to fear, right?   

    1. The lack of transparency is what is really at issue.

      I would not mind having to “live a life examined“, as Socrates would have wanted, as long as that meant that I was not judged for being too benign, mundane or boring.

      When I am watched, I want to know about it. “Quis custodiet ipsos custodes” and all that.

      If I can assume that I am watched, then I want to know to what degree can I depend on that situation.

      It’s a trade-off, so I want to know what I am getting in return.

      It is not all going one way. My privacy is a valuable commodity. What am I getting in return?

      We could/should/would get into the details of what do we all say I have to trade and for what.

      But we have to be open about it.

  3. Eh, the retention of encrypted material seems more about code breaking than believing that people with encrypted messages have something to hide. Basically, some crypto systems have very subtle flaws where each message in a stream, or certain parts of a conversation, will “leak” small amounts of information about the cleartext or key. Therefore if they’re trying to break the encryption on a specific target, it’s useful to retain the whole set of communications, even if some comes from a source identified to be American.

    More troubling is the part about retaining messages regarding security vulnerabilities (section 5, paragraph 3) or technical information about exploiting communications systems. So basically if they happen across you discussing a new zero day, or login credentials or ssh keys, and it might be useful to breaking into a server or exploiting a target they’re interested in, they’re allowed to just keep it. Even if you’re American and have done nothing wrong.  NSA in ur email, stealin’ ur zero days.

    Also if you’re a dirty non-American, then you have pretty much zero rights. Wave to the NSA folks!

    1. Also if you’re a dirty non-American, then you have pretty much zero rights. Wave to the NSA folks!

      Except the right to evolve better and better encryption algorithms and to use them.

      1. Depressingly, the fact is that only a tiny, tiny fraction of users actually bother to learn and use encryption of data-at-rest with keys held only by the user, meaning the NSA doesn’t really care that much. 

        I’ve always thought that the speculation about the NSA’s ability to secretly break current crypto algorithms is overblown. The reason we don’t see more pushback on civilians using encryption is that even SSL coverage is spotty at best, and when it is used, almost no one bothers to go through the trouble of encrypting data once it leaves the transport and gets captured and stored by servers. Why go through all the trouble of breaking someone’s SSL connection to gmail.com when you can just force google to hand over the whole mailbox?

        1. Or the NSA already has the other key to read everything, because they infiltrated the CAs on a previous warrant.

        2. Depressingly, the fact is that only a tiny, tiny fraction of users actually bother to learn and use encryption

          ^ This.

          As long as PGP/GPG encryption is not included in email clients by default, especially including a very intuitive key generation and general purpose interface, nobody will use it.

          It should come with any high-price fancy smartass product. It never ever should need a command line. Everything more complicated than a button “secure mail” or “secure phonecall” is too complicated. Even the key sharing should be just included in this. You click, a p2p server network is asked to deliver the recipient’s key, you get either a green (trusted), an orange (valid key and signature, but unconfirmed) or a red (valid, but untrusted) background and the mail heads off. No more tinkering, no cmdline “gpg --anything”, not a single time.

          Why, pray, is this not delivered? Even on a full-blown multi-purpose computing device running current OS’, users have to read a full tutorial about how encryption works, how it is installed and how you should manage your keys before even the first encrypted mail goes out.

          Screw the programmers who design this. It’s nice to be able to admin this, root that, and sudo something, but at the end of the day the thing which is intuitive prevails. Be able to, yes. Need, never.

          Hell, get going, programmers of this interwebz.
          There will be cake!

        3.  Seriously, try picking some random friend or relative, and send them an encrypted e-mail with a secret word.  Tell them that you will give them $20 if they reply to this e-mail with that word.  Let me know how many takers you get.

          The problem is one of standards.  https is a standard, so it is easy to use.  How many e-mail clients (or even webmail) support encryption?  I am a geek, and if I received an encrypted e-mail, I have no idea where to even find the public key.  Where would I publish my public key?  And even if I did do all of this, I could only send encrypted e-mail to people who wear tin-foil hats.

          In order for encryption to actually work, it needs to be *standard* on all clients, and easy to set up.  Really, it needs to be the default setting.

          Or, the other option is to actually elect a President who cares about privacy.

          1. gpg --keyserver pool.sks-keyservers.net --search-key 'Kevin Harrelson'
            gpg: searching for "Kevin Harrelson" from hkp server pool.sks-keyservers.net
            gpg: key "Kevin Harrelson" not found on keyserver

            yes indeed, the evidence nicely supports your point (if that is your name [wink])

          2. @facebook-1073720809:disqus , nice idea. Does not work, though: I can’t encrypt something for someone without having his/her pubkey. Sadly, nearly nobody among my contacts has a key, because it’s not included to create one in outlook, thunderbird etc. – which would bring us back to my post above.

            BTW, pgp is a quasi-standard. And most key managers can search public key servers where people could deposit their keys. You could as well. Just try, e.g., gpg4win, it’s all included.

            Re:elections: Don’t they all care about privacy? As in “how can we avoid too much privacy?”

          3. A friend of mine who’s moderately technical but not in a professional way pinged me about this chrome extension recently: http://www.mailvelope.com/

            It’s a nice, cross platform OpenPGP implementation that runs on top of webmail services. It’s about as close as you can get to turnkey PGP on gmail, yahoo, hotmail, etc. However, it’s still incomplete (no message signatures, no encrypted attachments, no trust chain and key signings). Even if/when those features are finished, it still highlights several major obstacles to getting people to use encryption in their everyday life:

            Key management – Explaining public/private keys, keychain management, and fingerprints, message signing, and trust settings to ordinary, not IT professional users is really really hard, much less getting them to use these things correctly and safely. This is further complicated by the fact that most of us use multiple devices now, and now have an expectation of being able to seamlessly switch between them. If I pick up my iphone and suddenly my email is all gibberish, that’s a dealbreaker for lots of people. So then we have a problem of how to manage private keys across multiple devices securely without exposing them to adversaries and still making it easy enough for grandma to use.

            Search – Even if google gave up on adwords tomorrow and decided to become a money losing web service charity, they still couldn’t implement client side encryption of everything without killing search. Most people, myself included, have come to rely on being able to search back months or years through lots of email to find the one with my old forums account login name, or my friend’s passing recommendation for taco places in San Diego. If everything is cipher text, you can’t index it without the indexer also having the key, which kind of defeats the whole purpose of client side encryption. It’s also not practical to download 5 years of email, decrypt, and reindex it every time you want to find that address for a taco stand.

            Backups – Most users don’t do backups like they should, which means they won’t back up their private keys. This means when a hard drive crashes there’s a good chance some ordinary user’s 5 years of email stand a good chance of becoming indecipherable gibberish. This is kind of a bad user experience for most people. To say nothing of redistributing a new public key and getting everyone to be aware of it and switch over for new communications.

            This isn’t to suggest we should give up and there isn’t a great, easy, everyday solution to all these problems. I’m just pointing out there are still serious obstacles to widely deployed encryption of all everyday communications that explain its lack of adoption beyond laziness, stupidity, or webmail developers taking orders from the NSA.

        4. You think the NSA doesn’t have a copy of Google’s SSL keys?  And Microsoft’s, and Yahoo’s, and Twitter’s?

          If they can’t get them through the courts, they’ll have an officer reach out to a patriotic employee.

          That’s why the NSA hoovers all of Google’s raw data feeds.  Sure, it’s encrypted, but the NSA has the keys.

  4. Depressingly, the fact is that only a tiny, tiny fraction of users actually bother to learn and use encryption

    ^ This.

    As long as PGP/GPG encryption is not included in email clients by default, especially including a very intuitive key generation and general purpose interface, nobody will use it.

    It should come with any high-price fancy smartass product. It never ever should need a command line. Everything more complicated than a button “secure mail” or “secure phonecall” is too complicated. Even the key sharing should be just included in this. You click, a p2p server network is asked to deliver the recipient’s key, you get either a green (trusted), an orange (valid key and signature, but unconfirmed) or a red (valid, but untrusted) background and the mail heads off. No more tinkering, no cmdline “gpg --anything”, not a single time.

    Why, pray, is this not delivered? Even on a full-blown multi-purpose computing device running current OS’, users have to read a full tutorial about how encryption works, how it is installed and how you should manage your keys before even the first encrypted mail goes out.

    Screw the ones who design this. It’s nice to be able to admin this, root that, and sudo something, but at the end of the day the thing which is intuitive prevails. Be able to, yes. Need, never.

    Hell, get going, programmers of this interwebz.
    There will be cake!

    1.  In time.  This is the early part.  An authoritarian coup is basically a seizure of power by a segment of the elites – rich, military or a combination.

      Step 1a.  Erosion of rights and expansion of police/state power over individuals.  Combine with removing accountability and democratic oversight.  Happening now.

      Step 1b.  Capture of regulation and government by elites – financial, money and some military elites.  This is happening/has happened.

      Step 2.  Inevitably, when government is in thrall to private interests, corruption begins and expands.  Over time, the economy stagnates and even begins to collapse.  The wealthy and other elites are insulated by the above factors, the rest begin to suffer.

      Step 3.  Rot and collapse begins to get out of control.  Elites still largely unaffected.

      Step 4. The public begins to get upset (Occupy was a beginning, but just a polite warm up for the kind of upset I mean).  They have been robbed and have lost their freedom in the process.  Things get ugly in the streets.

      Step 5.  Military/corporate coup to ‘restore order’.  Then it’s over for a generation or two, corruption goes up another notch. 

       

      1. I see where you are going with this. Government is very predictable in how it reacts to things.

        Fortunately, that can be used in our favor.
