back to article Yet more NSA officials whisper of an internal revolt over US spying. And yet it still goes on

The NSA's snooping programs aren't just controversial to the public, it seems: we're reminded other staff at the US agency also objected to prying into Americans' phone records. A group of executives, led by a senior official, revolted over the surveillance of US citizens – but failed to change President Obama's policy on …

  1. Anonymous Coward
    Black Helicopters

    You have to wonder if DC really does view the NSA as an instrument of social control...

    I hate DC pols. So concerned about the preservation of power as an end in itself...

    1. oolor

      Re: You have to wonder if DC really does view the NSA as an instrument of social control...

      The sad part is they would have more power and be more likely to hold on to it if they did the right thing.

  2. Anonymous Coward
    Anonymous Coward

    information collected on innocent Americans did little

    I say, extend the remit, double the effort, quadruple the budget! We MUST find them terrorists! Or invent them, if need be...

    1. tom dial Silver badge

      Re: information collected on innocent Americans did little

      The most compelling argument against the NSA's bulk metadata collection probably is that for the few hundred times a year it is searched the operation is not cost effective relative to the alternative of executing a series of search warrants against the various communication carriers. If done piecemeal, though, current legal precedent is fairly clear that a warrant is unnecessary.

    2. Waspy

      Re: information collected on innocent Americans did little

      Yeah it's interesting, I wonder if today's terrorism paranoia and over-extended powers of government departments will be talked of in future decades in the same breath as Mccarthy-ism

  3. tom dial Silver badge

    What does it say about a high rank NSA executive who became aware of the call data collection in 2009 that citizens who read the New York Times knew of about three years earlier?

    That said, policy differences are to be expected in any government agency and the approval decision in any case might go either way. There are technical arguments that favor routinely collecting the metadata and storing it in a database. These include timeliness, uniformity of format and content, and availability of data from all carriers at the same time. Those apply irrespective of the internal or judicial controls that govern access to the data. There also are legal arguments and judicial precedents that favor use of court orders rather than search warrants to authorize metadata collection. Many may find them unpersuasive, but until quite recently there seems to have been a lack of decisions in favor of requiring a warrant for metadata collection, and they are part of the legal environment in which the NSA operates.

    1. John G Imrie

      There is no sutch thing as metadata

      There is data and there is more data.

      1. Roj Blake Silver badge

        Re: There is no sutch thing as metadata

        Or more accurately: there is data and there is data about data.

        1. RobHib

          @ Roj Blake Bronze -- The defn. of "meta".

          Before we continue, let's understand what we're talking about.

          The correct definition of 'meta' is 'above and beyond' [Philos.] as in 'metaphysics'--unknowable to physics, above and beyond anything of which physics is ever capable of understanding.

          The term 'metadata' with respect to internet data is often somewhat loosely used. Ideally, the message (data) has absolutely no 'knowledge' of the metadata (IP addresses etc.) which may not be the case in every instance.

  4. depicus

    If only they could put it to good use...

    I suspect very little intelligence is ever gathered from mass data surveillance - remember Osama delivered his messages using word of mouth from trusted subordinates and I suspect the top of most criminal/terrorist/political trees do the same or similar.

    This is about catching the plebs, those who are starting out on their path to political err sorry terrorist endeavours, the fact that they are stupid enough to brag about it online would suggest they are stupid enough to get caught by good police work. Sadly we cannot afford good policing anymore as we spend our budget on I.T.

    1. Yet Another Anonymous coward Silver badge

      Re: If only they could put it to good use...

      They can put it to good use.

      If you are a senator and you don't vote the right way on the Freedom act then they can check the data and find out some reason why - involving hotel bookings, hookers and columbian marching powder.

      Right down to if you complain about the local council they can do a quick check what naughty web sites you have visited in case you want to make a complaint too public.

      1. tom dial Silver badge

        Re: If only they could put it to good use...

        Since a sizable majority of the Senators voted in favor of a debate and vote on the proposed Freedom Act, and those voting against were those generally supportive of military and intelligence agencies, there seems to be no particular reason to think the NSA, or anyone else in the Executive branch, needed a resort to blackmail.

        Sometimes the obvious answer is the correct one.

    2. John Smith 19 Gold badge
      Gimp

      Re: If only they could put it to good use...

      "I suspect very little intelligence is ever gathered from mass data surveillance - "

      Then you'd be wrong if you thought that was its goal.

      It collects huge quantities of information on the real threat

      a)People not the NSA b)People who are the NSA who might protest.

      To a data fetishist the worst crime is of course being prevented from collecting more data.

      It sounds like a mental illness.

      It is.

  5. Anonymous Coward
    Facepalm

    "Agency spokespeople said Snowden filed no such objections"

    Well, I guess that's probably what "ignored" means...

    1. Tom 13

      Re: "Agency spokespeople said Snowden filed no such objections"

      No it means Snowden was a weasel and never put his objections in writing. Just an elevator chat or the equivalent thereof. It happens all the time in government. If you only talk about it, but don't put it in writing, it never happened. I've worked in places where a co-worker complained constantly about the abusive nature of a boss. But he'd never put anything in writing, so no action was taken.

      1. fishman

        Re: "Agency spokespeople said Snowden filed no such objections"

        Tom 13:

        Snowden a weasel? I've worked for the US government and I know of people who complained in writing through the proper channels, and their careers were essentially over. And Snowden wasn't just going up against a single boss, he was going up against an entire system.

        1. tom dial Silver badge

          Re: "Agency spokespeople said Snowden filed no such objections"

          So is Edward Snowden's career any less "over" for going illegal than it would have been for actually pushing within the organization? To be sure, the whistle blower protections, not entirely effective for civil service employees, are less so for contractors. However, it is not clear that Mr. Snowden could not have accomplished as much, or nearly so, by objecting within until NSA advised Booz-Allen that they no longer required his services and then contacting a sympathetic Senator. There has been, after all, very little change in NSA activities, and there is little prospect of significant change in the foreseeable future; and as far as I can tell, the same is true more or less in the other Five Eyes countries. The biggest change seems to be greater use of decent encryption, which everyone should have done years ago anyhow.

  6. Jason Bloomberg Silver badge

    In defense of data slurping

    If X is a mobile phone use, and all calls to and from X and all base stations connected to are logged, when X turns up dead those logs can be examined and may help reveal clues as to the murderer or the reason. I don't think many would have a great problem with that per se.

    Likewise when X turns out to be a terrorist, who they are involved with might be determined through those logs. Again, I don't think many have a great problem with that.

    But how are authorities meant to provide such benefits other than by logging everyone?

    And it is, thus far, simply logging or 'slurping' but not spying as such. The problem comes in how and when logged data is used which may then amount to spying on some level.

    It is false though to say data slurping is of itself spying. Asserting logging is spying and arguing the slurp should not happen is usually a brute force approach to attempting to prevent perceived misuse of the data later. It is a doomed approach because there are legitimate grounds and beneficial reasons to log and slurp (as above). Those who want to stop actual spying need to move on from saying the part which isn't spying is spying. They're fighting the wrong battle.

    I am happy to hear arguments why there should be no logging at all despite any benefits that may have; just don't call meta data logging spying. I am against the misuse of logged data and what does amount to spying. We do need to be sure we have nothing to fear from our logged data unless we do turn up dead, are involved in terrorism or other criminal activity.

    1. phil dude
      Coat

      Re: In defense of data slurping

      Terrorism == crime , nothing more. If I'm murdered horribly it doesn't matter what mad things you believe - I'm still dead.

      The logging issue is not the problem. It is the escalator of feeble excuses as to why the executive branch needs access with "no questions asked".

      Here's a list I propose for the fridge, so we don't get confused:

      a) Bad guys do bad things, that's how you know to look for them. We define crime as the thing we find.

      b) Bad guys *planning* to bad thing. Harder to prove, but checking for sales of fertilizer made just lead you to a fields full of sh*t.

      c) Bad guys do bad things but they are not discovered for 30 years. That's light entertainment.

      d) Bad guys do incompetent things and you *feel* as if a crime has been committed. That's regular banking.

      P.

    2. Anonymous Coward
      Anonymous Coward

      Re: In defense of data slurping

      I have to say I sort of agree with some of Jason's comment.

      It is, sadly, the public (and political) expectation that police and security services are there to "prevent terrorism".

      Unfortunately, this is not, in fact, what their role is supposed to be. Instead, usually, they are meant to be there to investigate the aftermath of a terrorist attack, and try and bring those responsible to justice.

      They can do this, using their existing powers, and can instigate targeted inspection and capture of data on a suspect, only after an individual is a suspect due to other information received or evidence gathered.

      But in the absence of other information / evidence, and before there has been an attack, how are the police and security services meant to function to "stop terrorism", if they cannot find evidence by "metadata" or other data slurping?

      1. Anonymous Coward
        Anonymous Coward

        Re: In defense of data slurping

        > how are the police and security services meant to function to "stop terrorism

        They can't. That's the reality of living in a free society.

        No amount of the papers shouting for it will make one jot of difference.

        All the law can do anyway is threaten fallout to anyone that breaks the rules. In practice, you can't stop people breaking the law if they are determined to do it.

    3. Yet Another Anonymous coward Silver badge

      Re: In defense of data slurping

      And X's mobile phone is tracked coming out of the same tube station as Y who is a known terrorist - so you follow X onto the tube and shoot him.

    4. John Sturdy
      Black Helicopters

      Re: In defense of data slurping

      I doubt they're just "logging" the data, for inspection after an incident. They'll be analyzing it continuously as it comes in, looking for things they think should be prevented or at least watched suspiciously (as in McCarthyism).

      1. tom dial Silver badge

        Re: In defense of data slurping

        We were talking here about Patriot Act section 215 metadata, provided by carriers from billing records, logs, and similar sources. Scanning content during transmission would be a different program, XKeyStore, which is foreign intelligence data collection authorized under Foreign Intelligence Surveillance Act section 702.

    5. Jason Bloomberg Silver badge

      Re: In defense of data slurping

      It appears my view that logging isn't spying isn't accepted by the majority, or I just wasn't expressing myself very well. It seems it's the slurping of meta data as much as use of of the data logged which is resented.

      In which case I wonder what people's views are on server and system logs? Are all sysadmins and web masters spying on us?

      If the NSA logging meta data is spying then a sysadmin logging meta data is equally spying. Is there something I am missing that makes one okay but not another? Or is it, as I believe it is, logging in itself is benign and its the subsequent use of those logs which makes it spying or not.

      1. Yet Another Anonymous coward Silver badge

        Re: In defense of data slurping

        > how are the police and security services meant to function to "stop terrorism"

        > if they cannot find evidence by "metadata" or other data slurping?

        Same way they did against the IRA, ETA, the RAF?

        It wasn't by having a live log of what I was watching on Netflix.

        Or perhaps the 70s and 80s could have been totally terror free if only MI5 had known who was watching the Morcombe and Wise Christmas special ?

      2. phil dude
        FAIL

        Re: In defense of data slurping

        Yeah but a sysadmin can't f*ck up your life by sending the men in black after you, can they?

        P.

        1. tom dial Silver badge

          Re: In defense of data slurping

          "a sysadmin can't f*ck up your life by sending the men in black after you"

          Probably not the men in black, but the NSA (or GCHQ ...) probably cannot do that either. On the other hand, I very strongly suspect that ordinary (service provider) sysadmins have sent police after viewers of child pornography, and think I have read of a case but am too lazy to support it. I know for a fact that some employers systematically review logs and act on at-work offenses against both work rules and laws.

          1. phil dude
            Pint

            Re: In defense of data slurping

            Indeed. And how will you ever know who does stitch you up? With secret laws and secret courts to adminster the laws, how will you know?

            How about the national no-fly database?. In the USA this is clearly unconstitutional which is why they kept it secret.

            But we're still paying for it...

            P.

      3. Anonymous Coward
        Anonymous Coward

        Re: In defense of data slurping

        @ Jason Bloomberg

        Nobody is saying that you it isn't possible that you can spied on by your company's sysadmin. I'll take that further and say that you can be spied on by your boss, or someone in your HR who has access to your personnel info and your health benefit claims data, or by your neighbor for that matter.

        The real issue is whether our government exists to serve us, or whether we exist to serve our government.

      4. tom dial Silver badge

        Re: In defense of data slurping

        Concern about possibilities for misuse of collected metadata has a rational and historical basis in the US and perhaps more so in some other countries. Unfortunately, sloppy use of the English language (and doubtless others) in reporting on the "Snowden revelations" combined with widespread underlying distrust of government activities has whipped up a certain part of the population into a moral panic not greatly different from the satanic ritual abuse panic of 25 or 30 years ago.

        At the root is a widespread sense that the Government is not to be trusted, that its operators view themselves as better than the rest of us and therefore entitled to make the rules and to to establish and operate the agencies and programs that govern us for our own good irrespective of our wishes. They supply confirmation in the form of comments like Jonathan Gruber's recently outed description of the tactics used to obtain passage of the Affordable Care Act and their rationale, as well as the presumed Presidential action to revise enforcement of US immigration laws, details of which are to be announced this evening. To worsen things, such actions tend to be supported enthusiastically by their supporters without much consideration of the possibility that another President and Congress might act quite differently, although surely "for our own good".

        Conflation of "logging" with "spying" and portrayal of the government's capability to track pretty much anyone as a fact that the government tracks pretty much everyone feeds the diffuse general anxiety about whether the government officials consider themselves our masters or our agents. Selective reporting that tended to omit context, conflate foreign and domestic data collection, overlook NSA's internal controls, and deprecate the Foreign Intelligence Surveillance Court except where it found fault with NSA activities have further contributed to a widespread sense that the government is to be distrusted and feared, and the program needs to be stopped, this despite the fact that it has not been shown to be instrumental in any oppression.

        The truth is that if you are a target of government interest, there is not a lot you can do about it and they very likely will get you if they want. They can collect your metadata, as well as that of your contacts and their contacts from providers without a warrant and without notification. They can conduct physical surveillance without much justification, and a police officer behind your car will query a variety of databases for your license plate if he has the time. They can conduct heavily armed raids based on sometimes flimsy justification: Randy Weaver, David Koresh and the Branch Davidians, and the YFZ Ranch come readily to mind as probable government overreach. The government's prosecutors can use old or badly written laws to lay on outrageously excessive charges - Aaron Swartz and the Ohio Amish beard cutters, as well as a number of whistle blowers, are recent examples. And the governments' police can seize your property if they think it was used for or resulted from illegal activity. And not a bit of this is even remotely dependent on "mass surveillance", electronic or otherwise.

        Jason Bloomberg is quite correct. The US communication metadata is potentially useful after the fact in finding those responsible for criminal (including terrorist) acts. The notion that it can be used prospectively to detect and thwart terrorism and other crimes probably is as much a pipe dream now as when Admiral Poindexter prototyped and advocated the canceled "Total Information Awareness" program. That is indicated by the scarcity of evidence offered by the NSA (and, as far as I know, the other Five Eyes SIGINT agencies), and the data would be similarly (un)useful for identifying anti-government domestic activity.

      5. Anonymous Coward
        Anonymous Coward

        Re: In defense of data slurping

        @Jason Bloomberg:

        In which case I wonder what people's views are on server and system logs? Are all sysadmins and web masters spying on us?

        As one who has access to many server logs there are several important differences:

        1) Transparency. The data collected is stated upfront in a lot of privacy policies; or a quick search will show you what data is collected and the ramifications thereof.

        2) Usage. Server logs have 2 main uses...a) Finding out where things went wrong (mostly after the fact, but used live in DDoS attacks and similar when you're screening out IP addresses the attacks are coming from and 2) For marketing when you use logs to refine the site to appeal more to the customers. If -for example- you get a lot of hits from Germany but you don't have a price on the site for shipping your product to Germany, then you have to sort that out pronto.

        3) Choice. Users can choose not to visit a site (or a network of sites). Users can use a specific browser/personality combo for a particular destination to 'sandbox' the data gathered from a particular site. Users can use Adblock and similar to fend off sending data to anyone other than the destination site. Users can choose not to give the site any more information by not filling out forms/joining mailing lists for a particular site; and so on.

        3) Limits. Server logs basically give you a command and the IP address it came from. Now with browser fingerprinting, it's possible to tag an individual over several IP addresses; but at the end of the day it's pretty well limited to "what IP address they came from and what they did on my server".

        4) What you can do with the information afterwards. You can subpoena an ISP to cough up the user of a particular IP address at a particular time; but you need a bloody good reason and it's 100% legal and using all of the due process. Also, you're going to need a lawyer to explain server logs to a judge at £100/hr, so it's not a step you take lightly. I can use that information to block that IP address (not necessarily the user) from using my site in the future. I can't send in helicopters; use the information to affect that user's life in the future; air-drop honey badgers (although the honey badger thing should definitely be considered for future versions in my opinion, even if it is impossible) or anything else because -even subpoenaing the ISP- it is very difficult to nail a user with certainty...the real miscreant could be using someone's hacked/open wifi, for example.

        5) Potential for misuse. There isn't a lot, really, because -unless you can blag the user into coughing up personal data via a web form you are not tying your site user into a RL person. There is 'misuse' of a sort by marketing types to use the info to tweak the site and blag Google into listing the site higher than they otherwise would; but Google are probably big enough to look after themselves in that respect. I suppose you could blackmail people if you owned a sheep-porn site and you'd made them subscribe with real names; but even there there's countermeasures and -above all- choice.

        Not the same thing at all.

        Oh yeah. Forgot. Comparative power. If a sysadmin gets a hard-on for you in particular; there are a few things they can do to you, especially if you work at a place were they maintain the equipment (ref: BOFH) but nothing that you can't solve (by getting another job if all else fails); whereas if the government gets on your case you are stuffed.

      6. Anonymous Coward
        Anonymous Coward

        Re: In defense of data slurping

        @Jason Bloomberg

        The issue here isn't really spying, its trust. Giving anyone that much power over others through access to their data is never something to be done lightly, if at all. When you start from a position of negligible trust in those asking for the power, there's not really much you'll be prepared to allow. As it turns out, for a lot of reasons trust in governments and their agencies is at a very, very low ebb so we just don't trust them not to use the powers they have against us, anything at all that's even vaguely abrasive raises hackles, because the action itself lacks general consent, and the oversight looks far short of whats needed.

        If the government want trust to return, the only way they'll get it is if they start demonstrably acting within the constraints that the majority find acceptable, and allow themselves to be held accountable for their actions; history clearly shows anything else is simply dangerous.

        Most people are quite happy with the idea of targeted data collection, provided it is authorised by the normal system of oversight we all understand - via warrants issued by independent courts. But mass data collection can never really be entertained without almost perfect trust and oversight, which is unlikely ever to exist in the political environment we currently have. There really is no valid current or retrospective defence for data slurping that will find public acceptance

    6. T. F. M. Reader

      Re: In defense of data slurping

      I am happy to hear arguments why there should be no logging at all despite any benefits that may have;

      I would agree with you that consulting historical data may make solving crimes a little bit easier in some cases. This benefit is very small while the potential for abuse is huge, which is why we have various legal obstacles, such as court warrants, in the way of investigators eager to collect data. Spy agency data slurping bypasses such checks, which is the problem. Police work is easy in police states, and I cannot regard it as a benefit.

      just don't call meta data logging spying.

      Collecting and storing metadata is surveillance (as opposed to eavesdropping, which is interception of data). I refuse to argue whether surveillance == spying. I do not want to live in a total surveillance society, and that is enough.

      I am against the misuse of logged data and what does amount to spying.

      Good. Do you feel safe that the logged data won't be misused, ever? I don't.

      We do need to be sure we have nothing to fear from our logged data

      I am quite sure I have a lot to fear. Don't ask me why, it's none of your (or anyone's) business. No, it is not because I am a criminal or a terrorist, and I do expect you to believe this statement without analysing the collected data.

      unless we do turn up dead

      I have a particular fear that the logged data will be made public and (mis)interpreted after I am dead and not able to defend myself against any unwarranted accusations that twisted minds might come up with.

    7. John Smith 19 Gold badge
      Unhappy

      Re: In defense of data slurping

      "f X is a mobile phone use, and all calls to and from X and all base stations connected to are logged, when X turns up dead those logs can be examined and may help reveal clues as to the murderer or the reason."

      Do the words "presumption of innocence" mean anything to you at all?

      This "logging" fig leaf was used by the NSA. "Oh, we don't listen to the calls, we just have our software scan them for key words"

      And then we store all of them just in case.

      You really trust your government, don't you.

      Which means you're either being paid by them or very stupid.

      1. Anonymous Coward
        Anonymous Coward

        Re: In defense of data slurping

        One downvote for ad hominem attack.

  7. Robert Halloran

    Part of the reasoning for voting down the recent bill, as noted in your associated article, was its having been severely watered down in committee to the point of status quo, with the addition of continuing the sanction of metadata collection for an additional two years past the current mid-2015 expiration.

  8. DerekCurrie
    Holmes

    Who needs a new 'law' when it's already written into the US CONSTITUTION?!

    "...the US Senate killed off a proposed law that would have restricted some of the NSA's intelligence gathering on Americans"

    This was a total BS congressional manoeuvre that is entirely irrelevant. Here's why:

    The Fourth Amendment to the US Constitution:

    "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

    IOW: All Congress did was admit that they're constitutional ILLITERATES. The NSA's broad collection of US citizen data within the USA is unconstitutional. What the US Congress is supposed to do in response is SHUT DOWN the NSA's unconstitutional behavior. That requires NO new law.

    Worthless US Congress, Red or Blue.

    1. tom dial Silver badge

      Re: Who needs a new 'law' when it's already written into the US CONSTITUTION?!

      The present state of Fourth Amendment law still appears, on balance, to support, or at least consistent with collection of call record metadata without a warrant. Recent court decisions have answered the question differently, and the Supreme Court presumably will resolve the still-open question in due course. In any case, at the time the domestic call metadata program was developed, and extending through most of 2013, both it and the law under which it was authorized appear to have been within the limits of Constitutional behavior, opinions to the contrary notwithstanding.

  9. integr8d

    Why the bill was killed...

    Dailytech has a write-up on why the bill was narrowly defeated....

    http://www.dailytech.com/Rand+Paul+Casts+Crucial+No+Vote+on+ObamaBacked+PATRIOT+Act+Renewal+Bill/article36911.htm

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like