Interesting People mailing list archives
Moving from call detail data to call content -- vs. NSA
From: David Farber <dave () farber net>
Date: Sat, 13 May 2006 17:32:23 -0400
Begin forwarded message: From: Lauren Weinstein <lauren () vortex com> Date: May 13, 2006 12:27:35 PM EDT To: dave () farber net Cc: lauren () vortex com Subject: Moving from call detail data to call content -- vs. NSA Dave, Media reports are that the lawsuits have already begun, with sources at this point describing various class-action, multi-billion-dollar numbers aimed at Verizon. No doubt more will follow. I believe that it's important to understand that even using a rather conservative "follow the dots" analysis, it is not an incredibly big jump philosophically from the two programs as now supposedly revealed (warrantless tapping of domestic calls with an international terminus, and mass collection of domestic call detail data), to actual mass archiving of domestic telephone call content. How could this be so? To quote the Russian spy in the classic 1967 film "The President's Analyst": "Are you trying to tell me that every phone in the country is tapped?" Probably not yet, Kropotkin, but let's think about this for a moment. The current administration has now clearly demonstrated a philosophy that encourages the mass collection of data regarding the activities of innocent parties without court orders, on the basis that only "suspicious" elements of that data (however defined by whichever unseen non-court parties) are subjected to further inspection. This philosophy actually dovetails quite nicely with NSA's traditional vacuum-cleaner approach to information collection going back many decades, which is oriented toward the view that you haven't really "surveilled" collected data until you inspect specific elements of that data in detail. Now look at today's telephone networks. They're virtually all digital, with easy remote-access tapping thanks to CALEA. Just a lot of bits, regardless of whether we're talking about the conventional networks or VoIP. The overwhelmingly vast majority of the traffic is unencrypted. Even much of the encrypted traffic is based on proprietary protocols subject to subversion with (or often without) the cooperation of the operating entities. What would it take to routinely make archive copies of all these phone call bits, for some arbitrary period of time, especially with the cooperation of the major carriers? Some significant network reconfiguration would be required I'd imagine, and of course a whole bunch of disks. But on balance it seems like it could be practicable. Then we're faced with the question of what's done with that archive. Speaker-independent voice recognition has rapidly advanced, so broad scanning for keywords of interest in any given context would be possible, though probably more "effective" for conventional law enforcement operations than against sophisticated terrorists. An even more likely approach that fits in with current administration sensibilities, however, would be to use the mass archive to listen in retrospectively on recent conversations that have been targeted via other means (e.g., connection graphs generated from the call detail collection project). One "interesting" approach we could imagine would be to actually get court orders (FISA or conventional) to access the previously collected call content data for such targeted parties, which might provide a degree of legal cover. The argument would be made that nobody is ever really listening to the call content of persons who were not targeted, irrespective of the fact that the calls' contents were archived. From a technical standpoint in any case, it's not as big a leap as might initially be thought from the sorts of programs already revealed, to widespread collection of call contents under a similar philosophical umbrella. --Lauren-- Lauren Weinstein lauren () vortex com or lauren () pfir org Tel: +1 (818) 225-2800 http://www.pfir.org/lauren Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org Co-Founder, IOIC - International Open Internet Coalition - http://www.ioic.net Moderator, PRIVACY Forum - http://www.vortex.com Member, ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com DayThink: http://daythink.vortex.com - - -
Begin forwarded message: From: Simon Higgs <simon () higgs com> Date: May 12, 2006 6:43:00 PM EDT To: "Stewart, William C (Bill), RTSLS" <billstewart () att com> Cc: dave () farber net Subject: RE: [IP] more on COMMENTS REQUESTED -- Apparent large telco liability based on USA Today facts Stewart, Don't confuse the toll (billing) records with audio transcriptions of calls. NSA is collecting billing records just like a marketing company does (telcos have sold customer data for a long time). What makes this unusual is that NSA have access to the raw data, more or less in real time. Marketing companies buy rolled up data that is nominally sanitized except for all your personal information (exemption 4 - for telemarketing enforcement). As to your question, telco clients consent to the collection of billing records for law enforcement purposes. Telcos consent to the collection of billing records by the government (NSA) for law enforcement purposes as exempted by the Stored Communications Act, Section 2703(c) (iii) below. Exempted from opting out = automatically opted in. You have exactly the same deal when getting treatment from your HMO/ PPO doctor under HIPAA. You automatically opt in to law enforcement collection of your medical data. Simon
------------------------------------- You are subscribed as lists-ip () insecure org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- Moving from call detail data to call content -- vs. NSA David Farber (May 13)