Moving from call detail data to call content -- vs. NSA

[David Farber <dave () farber net>]

Begin forwarded message:

From: Lauren Weinstein <lauren () vortex com>
Date: May 13, 2006 12:27:35 PM EDT
To: dave () farber net
Cc: lauren () vortex com
Subject: Moving from call detail data to call content -- vs. NSA


Dave,

Media reports are that the lawsuits have already begun, with sources
at this point describing various class-action, multi-billion-dollar
numbers aimed at Verizon.  No doubt more will follow.

I believe that it's important to understand that even using a rather
conservative "follow the dots" analysis, it is not an incredibly big
jump philosophically from the two programs as now supposedly
revealed (warrantless tapping of domestic calls with an
international terminus, and mass collection of domestic call detail
data), to actual mass archiving of domestic telephone call content.

How could this be so?  To quote the Russian spy in the classic
1967 film "The President's Analyst": "Are you trying to tell me
that every phone in the country is tapped?"

Probably not yet, Kropotkin, but let's think about this for a moment.

The current administration has now clearly demonstrated a philosophy
that encourages the mass collection of data regarding the activities
of innocent parties without court orders, on the basis that only
"suspicious" elements of that data (however defined by whichever
unseen non-court parties) are subjected to further inspection.

This philosophy actually dovetails quite nicely with NSA's
traditional vacuum-cleaner approach to information collection going
back many decades, which is oriented toward the view that you haven't
really "surveilled" collected data until you inspect specific elements
of that data in detail.

Now look at today's telephone networks.  They're virtually all
digital, with easy remote-access tapping thanks to CALEA.  Just a lot
of bits, regardless of whether we're talking about the conventional
networks or VoIP.  The overwhelmingly vast majority of the traffic
is unencrypted.  Even much of the encrypted traffic is based on
proprietary protocols subject to subversion with (or often without)
the cooperation of the operating entities.

What would it take to routinely make archive copies of all these
phone call bits, for some arbitrary period of time, especially with
the cooperation of the major carriers?  Some significant network
reconfiguration would be required I'd imagine, and of course a whole
bunch of disks.  But on balance it seems like it could be
practicable.

Then we're faced with the question of what's done with that archive.
Speaker-independent voice recognition has rapidly advanced, so broad
scanning for keywords of interest in any given context would be
possible, though probably more "effective" for conventional law
enforcement operations than against sophisticated terrorists.

An even more likely approach that fits in with current administration
sensibilities, however, would be to use the mass archive to listen in
retrospectively on recent conversations that have been targeted via
other means (e.g., connection graphs generated from the call detail
collection project).  One "interesting" approach we could imagine
would be to actually get court orders (FISA or conventional) to
access the previously collected call content data for such targeted
parties, which might provide a degree of legal cover.

The argument would be made that nobody is ever really listening to
the call content of persons who were not targeted, irrespective of
the fact that the calls' contents were archived.

From a technical standpoint in any case, it's not as big a leap as
might initially be thought from the sorts of programs already
revealed, to widespread collection of call contents under a similar
philosophical umbrella.

--Lauren--
Lauren Weinstein
lauren () vortex com or lauren () pfir org
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
   - People For Internet Responsibility - http://www.pfir.org
Co-Founder, IOIC
   - International Open Internet Coalition - http://www.ioic.net
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
DayThink: http://daythink.vortex.com

 - - -

> Begin forwarded message:
>
> From: Simon Higgs <simon () higgs com>
> Date: May 12, 2006 6:43:00 PM EDT
> To: "Stewart, William C (Bill), RTSLS" <billstewart () att com>
> Cc: dave () farber net
> Subject: RE: [IP] more on COMMENTS REQUESTED -- Apparent large telco
> liability based on USA Today facts
>
> Stewart,
>
> Don't confuse the toll (billing) records with audio transcriptions of
> calls. NSA is collecting billing records just like a marketing
> company does (telcos have sold customer data for a long time). What
> makes this unusual is that NSA have access to the raw data, more or
> less in real time. Marketing companies buy rolled up data that is
> nominally sanitized except for all your personal information
> (exemption 4 - for telemarketing enforcement).
>
> As to your question, telco clients consent to the collection of
> billing records for law enforcement purposes. Telcos consent to the
> collection of billing records by the government (NSA) for law
> enforcement purposes as exempted by the Stored Communications Act,
> Section 2703(c) (iii) below. Exempted from opting out = automatically
> opted in.
>
> You have exactly the same deal when getting treatment from your HMO/
> PPO doctor under HIPAA. You automatically opt in to law enforcement
> collection of your medical data.
>
> Simon


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/