Wednesday, June 12, 2013

How do you solve a problem like MARINA?

Of all the NSA stories vying for your attention, the most interesting may be Marcy Wheeler's.

First, you must understand that Section 215 of the Patriot Act provides the legal justification for collecting cell phone metadata -- by which we mean the records of who called whom at which time. You may want to read Slate's short explanation of 215. You will also want to reference this very recent story from NBC:
The Patriot Act provision, known as Section 215, allows the FBI to require the production of business records and any other “tangible things” -- including “books, records, papers, documents and other items,” for an authorized terrorism or foreign intelligence investigation.
In contrast to standard grand jury subpoenas, material obtained under both Section 215 orders and national security letters must be turned over under so-called “gag orders” that forbid the business or institution that receives the order from notifying its customers or publicly referring to the matter.
The second thing you need to know is that the present scandal was all about an NSA project to collect this metadata daily.

Third: Marcy reminds us that the cell phone carriers already have this stuff. They store metadata in-house for years and years. In a sense, they've been doing the NSA's job all along.

So why would No Such Agency want daily updates? Why not leave the metadata on the servers of Verizon (or whomever), and ask for it as needed?

Well, they tried a system like that between 2002-2006.

A few years ago, there was a now-forgotten mini-brouhaha about that program, because the WP got hold of an Inspector General's report from 2007. The WP story prompted Marcy to write a few earlier posts, like this one.

Why did the 2002-2006 system go wrong? Because it was horribly abused.
The problems — that that we know about from the unclassified report (there are secret and TS/SCI versions which probably have bigger horrors) — include:

* FBI General Counsel had no apparent knowledge of 17% of the searches

* Thousands of searches never got recorded

* FBI lied to the telecoms about how urgent the information was to get the information

* FBI did an unknown number of sneak peeks into the data to see if there was something worth getting formally

Altogether, the unclassified IG Report described 26 abuses that should have been reported to then (and once again, since Chuck Hagel became Defense Secretary) inoperable Intelligence Oversight Board.

That includes the tracking of journalist call records in at least three cases (one of which I suspect is James Risen).

In short, it violated many legal principles. And that’s just the stuff that actually got recorded and showed up in an unclassified report.
In another piece, Marcy wrote:
Rather than using a subpoena or a National Security Letter to get phone records from them (both of which would have required a higher level of review), the FBI basically gave them a boilerplate letters saying it was an emergency (thus the “exigent”) and could they please give the FBI the phone data; the FBI promised grand jury subpoenas to follow. Only, in many cases, these weren’t emergencies, they never sent the grand jury subpoenas, and many weren’t even associated with investigations into international terrorism. In other words, FBI massively abused this system to get phone data without necessary oversight.
Marcy believes that the mess uncovered in 2006-2007 prompted the NSA to come up with a scheme to collect metadata silently, automatically and covertly. That way, there would be no need to worry about National Security Letters and all of that other difficult stuff.

Frankly, I'm not sure that Marcy has the chronology quite right.

This above-cited NBC story says that the FBI's use of 215 "exploded" after 2006. But a new problem arose: Though the feds were sending out tons of "National Security Letters" (requests for data), the telecommunication companies stopped co-operating.

Why? In large measure, methinks, because those corporations were being sued by various parties who were pissed off when they learned that private companies were turning over their records to Uncle. If you want to know more about those lawsuits, start with this data dump provided by the Electronic Frontiers Foundation.

If you scan that data dump, you'll find that it takes us to the 2009-2010 period. At that time...
...the FBI was using the Section 215 requests to obtain a broad array of records. For example, a top-secret FISC order disclosed last week by the Guardian showed that the FBI had used a single Section 215 request to direct Verizon to turn over "all call detail records or telephony metadata" of its customers for a three month period, literally millions of records.
So now we have a new chronology.

And y'know what? I'm starting to think that this chronology also gets everything wrong. At this point, we need to step back and ask one simple question: Just when did the "collect all metadata" project truly begin?

You see, back in 2006, USA Today revealed this program was already in existence even then.
"It's the largest database ever assembled in the world," said one person, who, like the others who agreed to talk about the NSA's activities, declined to be identified by name or affiliation. The agency's goal is "to create a database of every call ever made" within the nation's borders, this person added.

For the customers of these companies, it means that the government has detailed records of calls they made — across town or across the country — to family members, co-workers, business contacts and others.
Isn't it odd how everyone has forgotten this key news story, published seven years ago?

We now know that the database is called MARINA, which I hope was not named after Oswald's widow, because if there's one lady who doesn't need any more weird covert shit in her life, it's she.
In order to access the stored data sets, the NSA needs to have a real tangible reason. It's hard to believe this because the law seems to preclude them from collecting the data in bulk without a significant investigative purpose, but that law has been interpreted by the Foreign Intelligence Surveillance Court to relate only to the way in which the data is used.

That is, the NSA can collect the data so long as there is a good chance that it might need it for some future investigation.
This brings us back to that old NSA dodge: They insist that merely collecting the information isn't wiretapping. By this logic, it's okay to steal a painting from a museum as long as you don't look at it.

So. How do you solve a problem like MARINA? It really is a will-o-the-wisp. You can't pin it down.

When did MARINA begin? 2010, 2006, 2001 -- or long before?

If MARINA existed in 2006 or earlier (as USA Today reported), then why was the FBI doing all of that abusive crap outlined in the 2007 IG report? Why was the FBI trying to pry information from the telecommunications companies at that time? Why didn't FBI agents just pop on over to Fort Meade, knock on the NSA's door, and ask for a cup of metadata? Odd thought: Did the FBI even know about MARINA? Why would you create a thing like MARINA if you aren't going to let the FBI make use of it?

This stuff's freakin' impossible for an outsider to get his head around...!

9 comments:

Jay said...

I was trying to find video lectures by Dave Emory on Youtube. I didn't find any but I did find some of his audio lectures uploaded there. One in particular stuck out to me and I listened to it. It was recorded in 1995 and the name of the lecture is 'The Origins of US Intelligence'.

At the very beginning, he says some interesting things. He says that the NSA is far more powerful than the CIA and is more important than the CIA. So if the NSA is more powerful and more important than the CIA, and the CIA is both more powerful and important than the FBI, then the NSA is infinitely more powerful than the FBI.

My reason for pointing this out is that government agencies and departments are not monolithic, sometimes in opposition to each other, led by different political ideologies running from approaching centrism to the extreme right-wing. The NSA does not have to share all of its capabilities with the FBI and I would think that the FBI does not have access nor a high enough security clearance to know all the going-ons at the NSA or every program under the NSA.

I doubt there is 100% cooperation between the NSA & FBI and the NSA remains as powerful as it is by not letting all other agencies have a piece of that power.

What's more puzzling to me is that many years ago, I think it was 2006/2007, PBS ran a documentary which investigated whether or not there was reason to worry that the United States was becoming a police state in the post-9/11 era. One thing I never forgot from that documentary was that they interviewed a former NSA director were asking him various questions when it seems he revealed something very important. He said that even when he was Director of the NSA, not even he had access to all the projects and programs at the NSA, some of them were so highly classified or even 'compartmentalised eyes-only' (this is a classification that is above top secret) that he did not have access to everything that went on in the NSA. That begs the question, if even the Director of the NSA does not have control over everything that goes on in the NSA, who does? I mean, whose eyes-only are able to have the full picture of the NSA? How deep does the rabbit hole go? How was he even allowed to disclose something that significant and dramatic?

But yeah, the government is by no means monolithic or cohesive or even efficient.

Joseph Cannon said...

I'm not sure that Emory's comment should be taken in that way, Jay. I mean, it all depends on what you mean by "power." The NSA has no authority to act in this world -- that is to say, they can't bring charges against you. They can't send people to arrest you.

But the FBI does that stuff all the time.

Joseph Cannon said...

I'll add: It is true that the intelligence community is far from monolithic. There are splits between agencies and within.

Guys of my generation grew up reading about the "classic" era of the FBI and the CIA, when the splits were pretty obvious. In the FBI, you had the war between Hoover and Sullivan. (Mark "Deep Throat" Felt was promoted to a newly-created position just to keep Sullivan in line.) In the CIA, you had the war between the Angletonians -- who thought that the Sino-Soviet split was a hoax -- and, well, the people who were more sensible.

We see all sorts of signs that splits of this sort occur today. Such is human nature, I guess.

Jay said...

Well, you mention that the FBI has the power to arrest and detain people. But the CIA has more power than that, they can rendition people, that is to say they can kidnap people. They can disappear people, as it were. If the CIA can rendition, kidnap, imprison and torture people, can the NSA do the same? Let's recall that this whole Benghazi incident occured because a militia group was attempting to free their brethren who had been captured, imprisoned and tortured in a CIA barracks attached to or nearby the embassy that served as what is called a 'black jail'. The CIA operates an unknown number of 'black jails'. But these black jails are not talked about enough, they are places which are far worse than Guantanamo Bay and no photos of what they look like inside even exist. Most of what we know about them comes from aid organisations like the Red Cross. But yeah, the CIA's black jails, prisons with no oversight or public scrutiny (much less public awareness) are probably the scariest places on earth. I certainly don't mean to misinterpret Dave Emory if that's what happened, but I took it as he was telling me I was wrong in assuming that the CIA is all powerful and the NSA has a larger budget, larger influence and all-around more power. But what the hell do I ultimately know about these matters? I often wonder who trumps who, the CIA, NSA or DIA? In theory, the entire intelligence community answer to the office of the DNI (Director of National Intelligence). But I mean, that's just in theory and on paper.

Michael said...

Folks, there's something you need to know - something that would put this whole NSA surveillance thing into chilling perspective.

First, what is "data mining"?

Wikipedia says: Data mining (the analysis step of the "Knowledge Discovery in Databases" process, or KDD), an interdisciplinary subfield of computer science, is the computational process of discovering patterns in large data sets involving methods at the intersection of artificial intelligence, machine learning, statistics, and database systems.

Succinctly, it's using computers to analyze masses of raw data, turning it into bits of useful, actionable knowledge -- or, in the counter-terrorism business, "targets".

Now hear this: There is no need, no point, no useful purpose, for the NSA to scoop up all this Verizon metadata, and all this PRISM data, moving it in bulk to their own data warehouses, UNLESS the NSA wants to data mine it, e.g. in order to develop possible "targets."

If the NSA already knew their targets, they wouldn't need all this data. They could subpoena the target's phone bills and Facebook postings from the appropriate companies. Or get a warrant to wiretap, if need be. This is run-of-the-mill standard police investigative work, like we see on TV shows every day. It doesn't require data warehouses or data mining.

Moreover: In every court in the land (except the FISA court), to get a warrant or have your subpoena upheld, you need to specify the target (and show evidence of probable cause). [Only in the FISA court, it is rumored, can you get a warrant for doing "data mining" without naming a specific target and showing probable cause.]

Dragnet. Data mining. They mean the same thing. The main difference is that to do a dragnet you have to have a lot of human bodies - cops. With data mining you only need a data warehouse and some sophisticated software, and maybe one human to push the start button.

Human involvement is a key to this. The Intelligence community and FISA court apparently have decided that it's not "wiretapping" (requiring a warrant) unless and until a human being listens to the conversation. That's why President Obama and others have made such a point of saying that they're not listening to your conversations. They probably aren't, until they get that warrant. But they're using sophisticated computer data mining software to find you so they can put your name on that warrant! Does that violate the Fourth Amendment? I think so.

Chilling. But there's something even more chilling. It hasn't been leaked yet, but I'm pretty certain we'll find out soon. The NSA isn't just vacuuming the metadata. They're grabbing the content (your conversations), too, and storing them away for future use. That will make it easy for them, with your name on that warrant, to listen to all your past conversations as well as your future ones. It's "okay" for them to record your conversations, because "nobody's listening." Right?

Michael said...

Former NSA Boss: We Don't Data Mine Our Giant Data Collection, We Just Ask It Questions

https://www.techdirt.com/articles/20130611/18344823416/former-nsa-boss-we-dont-datamine-our-giant-data-collection-we-just-ask-it-questions.shtml

Jack said...

They insist that merely collecting the information isn't wiretapping. By this logic, it's okay to steal a painting from a museum as long as you don't look at it.

You may call this "an old NSA dodge," but it does make a different if Fox News and the screeching Randroids are running around telling people that their email is being read or phone calls being listened to. There's a big difference between merely collecting information so it can be legally searched with a warrant at a later time as needed and actually reading everyone's email and listening to all their phone calls.

The problem with the libertarian Randroid types is that they are ideolgoical zealots concerned with a particular outcome (or several outcomes). They are much less concerned with *the truth.* So they will twist every last piece of information to fit into their "government should not exist, government is evil" framework.

So, yeah, you can call it a dodge if you want to, but it's a distinction that people who care about what is *really* happening will want to make. If the only goal is to flame hysteria and misinform the public, then we subtle distinctions between true and false are not necessary.

cracker said...

It all depends on what the definition of "is" is. They are just herding the sheep into pens at present. If in the future someone decides (remember the Decider?) that some of the sheep need to be sheared, castrated, or butchered, then that won't be a problem. We're only in the setup stage now, so don't worry little sheep. You know we love you.

Gus said...

Jack, yes that is the distinction and it's worth noting. However, you talk about what's "really" going on as if you or anyone outside the NSA and government actually know. Despite these leaks, I don't think we are getting the whole picture. Plus, you say yourself it just makes it easier for them to come after whoever they want in the future.....a future that might be ruled by much more extreme elements than are currently in office (if you happen to think the current occupants are not authoritarian or despotic enough.....which is possible, though I'd say that the current was are enough so to warrant some kind of action).