NSA Collecting Phone Records of MILLIONS of Verizon Customers Daily

[rvrsdediva]

Wait until we're all wearing Google glasses. Facial recognition software And video of everywhere available 24 seven for snooping.

That's the day I move to Canada!

[KenFSU]

If people haven't been able to follow this story closely, the basic nutshell version is that:

1) The NSA has collected and archived records of every single phone call made in the United States in the last seven years. Verizon, AT&T, and Sprint all cooperated.

2) The United States government, through a top secret program called PRISM leaked by a horrified career intelligence office, has been harvesting and archiving citizens' data, including but not limited to emails, photographs, video, audio, and documents, with backdoor access granted by Facebook, Apple, Microsoft, Google, AOL, Skype, YouTube, Yahoo, and others, with DropBox joining next.

The even more basic version:

Nothing is private, digitally.

Rest assured that Uncle Sam has access to your Skype calls, your private Facebook correspondence, your email accounts, your bank records, your web history, your dirty pictures you thought were between you and your partner, whatever.

And we're only talking about the stuff that has leaked.

PRISM is really bad, with horrible implications for American freedom, even if you're note a privacy advocate.

[peestandingup]

The UK is apparently in on it as well. http://www.theverge.com/2013/6/7/4405906/uk-government-is-allegedly-involved-in-us-internet-spying-program

This is fucking crazy. Its clear we've passed the point of no return with this stuff. The country needs an enema.

[RiversideLoki]

I feel sorry for the NSA guy that has to go through my internet history.

12:00PM - Cat pictures
12:01PM - Stuff about guns
12:03PM - reddit.com/r/murica
12:04PM - Google search for "blue waffle"
12:05PM - Youtube search for "reactions to blue waffle"
12:06PM - Cat pictures

Lather, rinse, repeat, etc..

[Dog Walker]

Well all of this phone data and PRISM stuff stopped those two crazy brothers who were going to set off bombs at the Boston Marathon so it's OK.  Right?

[BridgeTroll]

I'm not... as long as the agreed upon safeguards are in place, working, and being audited.  I am saying... is if this particular program is functioning as I think it is... then it should be not surprising to anyone.

The Prism program though... seems at this point to be outside any agreed upon legislation...

[bill]

The only "shocking" part of this story is why it took a Brit newpaper to "break" the story...

http://www.foreignpolicy.com/articles/2013/06/06/why_the_nsa_needs_your_phone_calls?page=0,0

Why the NSA Needs Your Phone Calls…

… and why you (probably) shouldn't worry about it.

BY STEWART BAKER |JUNE 6, 2013

Suddenly, the national security establishment is drowning in data. On June 5, the Guardian released what appears to be a highly classified order issued by the Foreign Intelligence Surveillance Court, known as the FISA Court, to collect Verizon customers' phone records of calls made to or by Americans. On June 6, the Washington Post revealed the existence of PRISM, which allows the collection of Internet data on a massive scale. Does this mean the end of privacy, law, and the Constitution?

Nope. There are a lot of reasons to be cautious about rushing to the conclusion that these "scandals" signal a massive, lawless new intrusion into Americans' civil liberties. Despite this apparent breadth, and even if we assume that the leaked FISA order is genuine, there are a lot of reasons to be cautious about rushing to the conclusion that it signals a massive, lawless new intrusion into Americans' civil liberties.

Let's start with the order. It seems to come from the court established to oversee intelligence gathering that touches the United States. Right off the bat, that means that this is not some warrantless or extrastatutory surveillance program. The government had to convince up to a dozen life-tenured members of the federal judiciary that the order was lawful. You may not like the legal interpretation that produced this order, but you can't say it's lawless.

In fact, it's a near certainty that the legal theory behind orders of this sort has been carefully examined by all three branches of the government and by both political parties. As the Guardian story makes clear, Sen. Ron Wyden has been agitating for years about what he calls an interpretation of national security law that seems to go beyond anything the American people understand or would support. He could easily have been talking about orders like this. So it's highly likely that the law behind this order was carefully vetted by both intelligence committees, Democrat-led in the Senate and Republican-led in the House. (Indeed, today the leaders of both committees gave interviews defending the order.) And in the executive branch, any legal interpretations adopted by George W. Bush's administration would have been carefully scrubbed by President Barack Obama's Justice Department.

Ah, you say, but the scandal here isn't what has been done illegally -- it's what has been done legally. Even if it's lawful, how can the government justify spying on every American's phone calls?

It can't. No one has repealed the laws that prohibit the National Security Agency (NSA) from targeting Americans unless it has probable cause to believe that they are spies or terrorists. So under the law, the NSA remains prohibited from collecting information on Americans.

On top of that, national security law also requires that the government "minimize" its collection and use of information about Americans -- a requirement that has spawned elaborate rules that strictly limit what the agency can do with information it has already collected. Thus, one effect of "post-collection minimization" is that the NSA may find itself prohibited from looking at or using data that it has lawfully collected.

I would not be surprised to discover that minimization is the key to this peculiarly two-party, three-branch "scandal." That is, while the order calls for the collection of an enormous amount of data, much of it probably cannot actually be searched or used except under heavy restrictions. (If I'm right, the administration is likely to find itself forced quite quickly to start talking about minimization, perhaps in considerable detail.)

But why, you ask, would the government collect all these records, even subject to minimization, especially when Wyden was kicking up such a fuss about it? And, really, what's the justification for turning the data over to the government, no matter how strong the post-collection rules are?

To understand why that might seem necessary, consider this entirely hypothetical example. Imagine that the United States is intercepting al Qaeda communications in Yemen. Its leader there calls his weapons expert and says, "Our agent in the U.S. needs technical assistance constructing a weapon for an imminent operation. I've told him to use a throwaway cell phone to call you tomorrow at 11 a.m. on your throwaway phone. When you answer, he'll give you nothing other than the number of a second phone. You will buy another phone in the bazaar and call him back on the second number at 2 p.m."

Now, this is pretty good improvised tradecraft, and it would leave the government with no idea where or who the U.S.-based operative was or what phone numbers to monitor. It doesn't have probable cause to investigate any particular American. But it surely does have probably cause to investigate any American who makes a call to Yemen at 11 a.m., Sanaa time, hangs up after a few seconds, and then gets a call from a different Yemeni number three hours later. Finding that person, however, wouldn't be easy, because the government could only identify the suspect by his calling patterns, not by name.

So how would the NSA go about finding the one person in the United States whose calling pattern matched the terrorists' plan? Well, it could ask every carrier to develop the capability to store all calls and search them for patterns like this one. But that would be very expensive, and its effectiveness would really only be as good as the weakest, least cooperative carrier. And even then it wouldn't work without massive, real-time information sharing -- any reasonably intelligent U.S.-based terrorist would just buy his first throwaway phone from one carrier and his second phone from a different carrier.

The only way to make the system work, and the only way to identify and monitor the one American who was plotting with al Qaeda's operatives in Yemen, would be to pool all the carriers' data on U.S. calls to and from Yemen and to search it all together -- and for the costs to be borne by all of us, not by the carriers.

In short, the government would have to do it.

To repeat, this really is hypothetical; while I've had clearances both as the NSA's top lawyer and in the top policy job at the Department of Homeland Security, I have not been briefed on this program. (If I had, I wouldn't be writing about it.) But the example shows that it's not that hard to imagine circumstances in which the government needs to obtain massive amounts of information about Americans yet also needs to remain bound by the general rule that it may only monitors those whom it legitimately suspects of being terrorists or spies.

The technique that squares that circle is minimization. As long as the minimization rules require that all searches of the collected data must be justified in advance by probable cause, Americans are protected from arbitrary searches. In the standard law enforcement model that we're all familiar with, privacy is protected because the government doesn't get access to the information until it presents evidence to the court sufficient to identify the suspects. In the alternative model, the government gets possession of the data but is prohibited by the court and the minimization rules from searching it until it has enough evidence to identify terror suspects based on their patterns of behavior.

That's a real difference. Plenty of people will say that they don't trust the government with such a large amount of data -- that there's too much risk that it will break the rules -- even rules enforced by a two-party, three-branch system of checks and balances. When I first read the order, even I had a moment of chagrin and disbelief at its sweep.

But for those who don't like the alternative model, the real question is "compared to what"? Those who want to push the government back into the standard law enforcement approach of identifying terrorists only by name and not by conduct will have to explain how it will allow us to catch terrorists who use halfway decent tradecraft -- or why sticking with that model is so fundamentally important that we should do so even if it means more acts of terrorism at home.

Surely you of all people arent criticizing the surveillance are you Bridge Troll?

Didnt you claim it was necessary to give up this freedom because, liberty?

Certainly this administration would never use any information for political gain. It would be like targeting people/groups through the IRS and that would never happen.

[BridgeTroll]

I'm not... as long as the agreed upon safeguards are in place, working, and being audited.  I am saying... is if this particular program is functioning as I think it is... then it should be not surprising to anyone.

The Prism program though... seems at this point to be outside any agreed upon legislation...

hmm.  that sure isnt the tune you were singing under Bush.

We have to understand what this particular program does... and doesnt do...

No one has repealed the laws that prohibit the National Security Agency (NSA) from targeting Americans unless it has probable cause to believe that they are spies or terrorists. So under the law, the NSA remains prohibited from collecting information on Americans.

On top of that, national security law also requires that the government "minimize" its collection and use of information about Americans -- a requirement that has spawned elaborate rules that strictly limit what the agency can do with information it has already collected. Thus, one effect of "post-collection minimization" is that the NSA may find itself prohibited from looking at or using data that it has lawfully collected.

It appears Microsoft, Apple, Google et al deny any knowledge of Prism... THAT is the one that seems out of bounds as of now...

[carpnter]

If people haven't been able to follow this story closely, the basic nutshell version is that:

1) The NSA has collected and archived records of every single phone call made in the United States in the last seven years. Verizon, AT&T, and Sprint all cooperated.

2) The United States government, through a top secret program called PRISM leaked by a horrified career intelligence office, has been harvesting and archiving citizens' data, including but not limited to emails, photographs, video, audio, and documents, with backdoor access granted by Facebook, Apple, Microsoft, Google, AOL, Skype, YouTube, Yahoo, and others, with DropBox joining next.

The even more basic version:

Nothing is private, digitally.

Rest assured that Uncle Sam has access to your Skype calls, your private Facebook correspondence, your email accounts, your bank records, your web history, your dirty pictures you thought were between you and your partner, whatever.

And we're only talking about the stuff that has leaked.

PRISM is really bad, with horrible implications for American freedom, even if you're note a privacy advocate.

And people think those who want to live off the grid are nuts, they may be the only sane people out there now. 

[BridgeTroll]

What is "metadata"?

Do you use Google?  Does Amazon "suggest" books and music you may like?  How about iTunes or any other shopping engine/website?  Has your credit card company ever called and asked you if charges on your card were yours?

All of these things and many more use "metadata"... and most of it is not targeting you specifically.  It is a compilation of data fed through logarithms that spit out trends and likelyhoods.

[BridgeTroll]

I'm not... as long as the agreed upon safeguards are in place, working, and being audited.  I am saying... is if this particular program is functioning as I think it is... then it should be not surprising to anyone.

The Prism program though... seems at this point to be outside any agreed upon legislation...

hmm.  that sure isnt the tune you were singing under Bush.

We have to understand what this particular program does... and doesnt do...

No one has repealed the laws that prohibit the National Security Agency (NSA) from targeting Americans unless it has probable cause to believe that they are spies or terrorists. So under the law, the NSA remains prohibited from collecting information on Americans.

On top of that, national security law also requires that the government "minimize" its collection and use of information about Americans -- a requirement that has spawned elaborate rules that strictly limit what the agency can do with information it has already collected. Thus, one effect of "post-collection minimization" is that the NSA may find itself prohibited from looking at or using data that it has lawfully collected.

It appears Microsoft, Apple, Google et al deny any knowledge of Prism... THAT is the one that seems out of bounds as of now...

But you said that this was necessary, and that we were fools to underestimate the terrorists, didnt you?

Be specific Stephen... This what?  The telephone meta-data data collection? Yes... I said so above... as long as the proper safeguards are in place.  Prism?  This one seems to be something outside the bounds of bipartisan supported legislation... But I don't know enough about that one yet.  It seems neither do the major players like Google, Microsoft, and Apple.  If true it looks to me like Mr Obama has went further than Mr Bush had even dreamt of...

[bill]

The only "shocking" part of this story is why it took a Brit newpaper to "break" the story...

http://www.foreignpolicy.com/articles/2013/06/06/why_the_nsa_needs_your_phone_calls?page=0,0

Why the NSA Needs Your Phone Calls…

… and why you (probably) shouldn't worry about it.

BY STEWART BAKER |JUNE 6, 2013

Suddenly, the national security establishment is drowning in data. On June 5, the Guardian released what appears to be a highly classified order issued by the Foreign Intelligence Surveillance Court, known as the FISA Court, to collect Verizon customers' phone records of calls made to or by Americans. On June 6, the Washington Post revealed the existence of PRISM, which allows the collection of Internet data on a massive scale. Does this mean the end of privacy, law, and the Constitution?

Nope. There are a lot of reasons to be cautious about rushing to the conclusion that these "scandals" signal a massive, lawless new intrusion into Americans' civil liberties. Despite this apparent breadth, and even if we assume that the leaked FISA order is genuine, there are a lot of reasons to be cautious about rushing to the conclusion that it signals a massive, lawless new intrusion into Americans' civil liberties.

Let's start with the order. It seems to come from the court established to oversee intelligence gathering that touches the United States. Right off the bat, that means that this is not some warrantless or extrastatutory surveillance program. The government had to convince up to a dozen life-tenured members of the federal judiciary that the order was lawful. You may not like the legal interpretation that produced this order, but you can't say it's lawless.

In fact, it's a near certainty that the legal theory behind orders of this sort has been carefully examined by all three branches of the government and by both political parties. As the Guardian story makes clear, Sen. Ron Wyden has been agitating for years about what he calls an interpretation of national security law that seems to go beyond anything the American people understand or would support. He could easily have been talking about orders like this. So it's highly likely that the law behind this order was carefully vetted by both intelligence committees, Democrat-led in the Senate and Republican-led in the House. (Indeed, today the leaders of both committees gave interviews defending the order.) And in the executive branch, any legal interpretations adopted by George W. Bush's administration would have been carefully scrubbed by President Barack Obama's Justice Department.

Ah, you say, but the scandal here isn't what has been done illegally -- it's what has been done legally. Even if it's lawful, how can the government justify spying on every American's phone calls?

It can't. No one has repealed the laws that prohibit the National Security Agency (NSA) from targeting Americans unless it has probable cause to believe that they are spies or terrorists. So under the law, the NSA remains prohibited from collecting information on Americans.

On top of that, national security law also requires that the government "minimize" its collection and use of information about Americans -- a requirement that has spawned elaborate rules that strictly limit what the agency can do with information it has already collected. Thus, one effect of "post-collection minimization" is that the NSA may find itself prohibited from looking at or using data that it has lawfully collected.

I would not be surprised to discover that minimization is the key to this peculiarly two-party, three-branch "scandal." That is, while the order calls for the collection of an enormous amount of data, much of it probably cannot actually be searched or used except under heavy restrictions. (If I'm right, the administration is likely to find itself forced quite quickly to start talking about minimization, perhaps in considerable detail.)

But why, you ask, would the government collect all these records, even subject to minimization, especially when Wyden was kicking up such a fuss about it? And, really, what's the justification for turning the data over to the government, no matter how strong the post-collection rules are?

To understand why that might seem necessary, consider this entirely hypothetical example. Imagine that the United States is intercepting al Qaeda communications in Yemen. Its leader there calls his weapons expert and says, "Our agent in the U.S. needs technical assistance constructing a weapon for an imminent operation. I've told him to use a throwaway cell phone to call you tomorrow at 11 a.m. on your throwaway phone. When you answer, he'll give you nothing other than the number of a second phone. You will buy another phone in the bazaar and call him back on the second number at 2 p.m."

Now, this is pretty good improvised tradecraft, and it would leave the government with no idea where or who the U.S.-based operative was or what phone numbers to monitor. It doesn't have probable cause to investigate any particular American. But it surely does have probably cause to investigate any American who makes a call to Yemen at 11 a.m., Sanaa time, hangs up after a few seconds, and then gets a call from a different Yemeni number three hours later. Finding that person, however, wouldn't be easy, because the government could only identify the suspect by his calling patterns, not by name.

So how would the NSA go about finding the one person in the United States whose calling pattern matched the terrorists' plan? Well, it could ask every carrier to develop the capability to store all calls and search them for patterns like this one. But that would be very expensive, and its effectiveness would really only be as good as the weakest, least cooperative carrier. And even then it wouldn't work without massive, real-time information sharing -- any reasonably intelligent U.S.-based terrorist would just buy his first throwaway phone from one carrier and his second phone from a different carrier.

The only way to make the system work, and the only way to identify and monitor the one American who was plotting with al Qaeda's operatives in Yemen, would be to pool all the carriers' data on U.S. calls to and from Yemen and to search it all together -- and for the costs to be borne by all of us, not by the carriers.

In short, the government would have to do it.

To repeat, this really is hypothetical; while I've had clearances both as the NSA's top lawyer and in the top policy job at the Department of Homeland Security, I have not been briefed on this program. (If I had, I wouldn't be writing about it.) But the example shows that it's not that hard to imagine circumstances in which the government needs to obtain massive amounts of information about Americans yet also needs to remain bound by the general rule that it may only monitors those whom it legitimately suspects of being terrorists or spies.

The technique that squares that circle is minimization. As long as the minimization rules require that all searches of the collected data must be justified in advance by probable cause, Americans are protected from arbitrary searches. In the standard law enforcement model that we're all familiar with, privacy is protected because the government doesn't get access to the information until it presents evidence to the court sufficient to identify the suspects. In the alternative model, the government gets possession of the data but is prohibited by the court and the minimization rules from searching it until it has enough evidence to identify terror suspects based on their patterns of behavior.

That's a real difference. Plenty of people will say that they don't trust the government with such a large amount of data -- that there's too much risk that it will break the rules -- even rules enforced by a two-party, three-branch system of checks and balances. When I first read the order, even I had a moment of chagrin and disbelief at its sweep.

But for those who don't like the alternative model, the real question is "compared to what"? Those who want to push the government back into the standard law enforcement approach of identifying terrorists only by name and not by conduct will have to explain how it will allow us to catch terrorists who use halfway decent tradecraft -- or why sticking with that model is so fundamentally important that we should do so even if it means more acts of terrorism at home.

Surely you of all people arent criticizing the surveillance are you Bridge Troll?

Didnt you claim it was necessary to give up this freedom because, liberty?

Certainly this administration would never use any information for political gain. It would be like targeting people/groups through the IRS and that would never happen.

You also thought this was necessary bill.  you know, because of the 'criminal elements'.

Never commented one way or another. I do think the previous admin had enough integrity and respect for the american people to not use this info to attack people for their views. This one not so much.

[BridgeTroll]

Bridge, remember when you, not now and the like thought this guy was a moron? 

http://www.youtube.com/v/fHVOMSqCFHE

It is unlikely that I called anyone a moron... I will leave the name calling to those who seem more prone to it...

[bill]

Bridge, remember when you, not now and the like thought this guy was a moron? 

http://www.youtube.com/v/fHVOMSqCFHE

The people of Wisc thought enough of him to make sure he does not have to go to DC anymore.

[BridgeTroll]

http://www.youtube.com/v/-isKhdB9jYo


Are you calling him a liar?  Two presidents in a row!  Unless you got Bill in there also... are ya gonna go for 4?