The NSA: And Who Will Watch the Watchmen?
Doug Hornig, Senior Editor


225 years ago, a rather prescient James Madison wrote:

"I believe there are more instances of the abridgement of the freedom of the people by gradual and silent encroachments of those in power than by violent and sudden usurpations."

Today, the encroachments against which he warned have become the rule rather than the exception, as cyberspying has afforded governments unprecedented means to gain control over their own citizens.

It's been a long and twisted path from the likes of Madison to Richard Nixon, who once famously said, "When the president does it, that means that it is not illegal." For that, he was rightly vilified. Yet if the four decades since he passed from the scene have taught us anything, it's that vast armies of government officials have come to believe that whatever they do is legal. The Fourth and Fifth Amendments to the Constitution are violated so routinely that few people bother to notice, and an entire generation has grown up without knowing why they were written into the document and what they mean—or even that they exist at all.

The revelations from the Edward Snowden-orchestrated document leaks have been coming fast and furious for several months now. Each day, it seems, we learn about another government program we hadn't heard of before. And yet, we are complicit. Each day we also enable our own surveillance.

In early 2011, more than two years before Snowden surfaced, the humor website The Onion ran a spoof video about the supposed reauthorization of funding for Facebook by Congress, because it saves the intelligence community so much money. This quote purports to come from a deputy CIA director lauding Facebook:

"After years of secretly monitoring the public, we were astounded so many people would willingly publicize where they lived, their religious and political views, an alphabetized list of all their friends, personal email addresses, phone numbers, hundreds of photos of themselves, and even status updates of what they were doing moment to moment. It is truly a dream come true for the CIA."

It's hilarious but, like all good satire, it's a little painful to watch, as well. Imagine, for example, that the government had demanded at gunpoint that we turn over all of the personal info we voluntarily post about ourselves. There'd be outrage. High-horse Congresspersons would hold hearings. Scathing op-ed pieces would appear.

Luckily for the government, however, it doesn't even have to ask. All that stuff is out there in cyberspace, almost begging to be harvested. Who can blame the authorities for taking advantage?

In a sense, the same applies to our personal correspondence. At one time, opening someone else's mail was a serious federal crime—it still is, actually. But email? We agree to let our server archive our e-letters, read them if it wants to, or turn them over to anyone who files the proper request. There is no such thing as a truly private electronic exchange.

When we use Google, we give the company tacit permission to use the things it learns about us and our habits for its own or some affiliate's purposes. That information, too, can be demanded by government agents, as can our credit card records, which reveal an enormous amount about us. Ditto for the paper trail you leave with those grocery store discount cards.

And so on.

Compromising Social Media

Are we advocating going back to a world without Visa, iPhones, and Internet banking? No, of course not. But any consideration of the domestic cyberwar currently raging must include our cooperation with it, and the indisputable fact that we have quickly warmed to the convenience of the cyberuniverse without having paid much attention to the loss of privacy that has accompanied it.

One of the clearest lessons of history is that government will happily embrace the latest in technological advances that offer it the possibility of greater control over its subjects. And use them. And then abuse them.

But of course, "We don't have a domestic spying program." That's what President Obama declared on August 6 on The Tonight Show, in one of the most disingenuous statements ever made by a politician—and that's saying something.

What Obama should do next is to try saying that to any of the increasing number of Americans like Brandon Raub.

Raub, a 26-year-old decorated former Marine who served in Iraq and Afghanistan, made the mistake of posting political views and song lyrics to his private Facebook page that were critical of our current wars and of the government in general. Little did Raub know that the government is using Facebook as a surveillance tool. Even less did he suspect that in 2009, the Department of Homeland Security had launched Operation Vigilant Eagle, which aims to track military veterans who are voicing feelings of discontent, because they are to be regarded as potential terrorists.

As a result of Raub's Facebook rants, on Thursday, August 16, 2012, a swarm of local police, Secret Service, and FBI agents arrived at Raub's Virginia home, asking to speak with him about his postings. After a brief conversation and without providing any explanation, levying any charges against him, or reading him his rights, the officials handcuffed Raub and transported him first to police headquarters, then to a psychiatric hospital, where he was incarcerated against his will. Although he was sentenced only to 30 days of "observation," involuntary psychiatric commitment is different from an "arrest." It requires no proof, and can be very difficult to extricate oneself from.

Raub is not unique. Other veterans around the country have been swept up by Operation Vigilant Eagle and similarly harassed. The Raub story has a relatively happy ending, because he was one of the lucky ones. Outraged onlookers filmed the bust on their cellphones, and it went viral on YouTube. The Rutherford Institute, a nonprofit Constitutional law firm, jumped in and petitioned for his release, and an outraged Circuit Court judge ordered him immediately freed a week after his detention.

The point, though, is that his ordeal exemplifies how closely Facebook and other social media are being watched. The default assumption must be that whatever you post to the Internet is going to be scrutinized—by someone, in some agency, somewhere—and that it constitutes evidence that may be used against you, even outside an actual court of law.

Unleashing the Tech

While the government can hardly be accused of illicit activity in the gathering of one's publicly revealed Facebook information, surreptitious wiretapping without a warrant is another matter, with the legal niceties far from sorted out at this point.

One of the truly disturbing facts about Edward Snowden's leaks—which have caused such a commotion in the media and among civil libertarians, while also provoking calls in Congress for him to be tried as a traitor—is that they should have come as no surprise to anyone who has been paying the slightest attention. Clues have been popping up all over the place for more than a decade.

"ECHELON," for example, had been known about since before the turn of the century. A signals intelligence (SIGINT) collection and analysis network operated on behalf of the five signatory states to the UKUSA Security Agreement (Australia, Canada, New Zealand, the UK, and the US), it's a software system capable of interception, content inspection, and dissemination of downloaded commercial satellite trunk communications globally, including telephone calls, fax, email, and other data traffic.

On the domestic front, "Carnivore" was early "packet sniffer" software deployed by the FBI in 1997. It could select and capture particular data packets flowing across the Internet, decode them, and examine their contents. The FBI countered the objections of privacy advocates by saying that Carnivore could distinguish between communications that could be lawfully intercepted and those that could not. Carnivore was eventually replaced by the far more powerful "NarusInsight," noted for being the universal wiretap system installed in Room 641A at AT&T's operations center in San Francisco, as revealed in 2006.

But the big leap forward came when President Bush authorized the "President's Surveillance Program" (PSP) shortly after the 9/11 attacks. It included an ultrasecret NSA intelligence-gathering project code-named "STELLARWIND," involving data mining of a large database of the communications of American citizens, including email communications, phone conversations, financial transactions, and Internet activity. Almost immediately, there was fierce opposition within the Justice Department on the part of those who believed the president had exceeded his Constitutional authority. But the dissenters lost, and the project proceeded.

Though STELLARWIND's name remained secret, in December 2005, the New York Times alluded to it when it ran an article titled, "Bush lets U.S. spy on callers without courts." In the article, the NSA—whose mission was previously thought to be limited solely to spying on communications abroad—was outed for the first time as operating domestically. The Times cited as its sources "a dozen current and former officials, who were granted anonymity because of the classified nature of the program." The nation yawned.

The existence of the PSP itself has been known since 2008, when Thomas Tamm, a former attorney in the Department of Justice's Office of Intelligence Policy and Review, anonymously leaked information about it to the Times.

Then, in early 2012, whistleblower William Binney—a 32-year NSA veteran—went on record with all the gory details about the architectural and operational elements of STELLARWIND, which he had helped design. Binney said that the program he worked on had been intended for use in cases of foreign espionage, but after 9/11 was converted to spying on citizens in the United States—a development with which he disagreed and which led to his resignation from the agency in late 2001. He went on to state that the NSA has highly secured rooms that tap in to major switches, and satellite communications at both AT&T and Verizon, an assertion that was supported by the exposure of Room 641A.

STELLARWIND itself was theoretically discontinued in 2007, but it basically continued under various different names at the end of the Bush administration and straight through the Obama years. These include programs brought to public attention by Snowden, such as "Boundless Informant," "PRISM," "Fairview," "Dropmire," and "XKeyscore."

The Snowden File

Obviously, enough facts were known that there should have been a public airing of the whole warrantless spying issue long before Edward Snowden appeared. But since it is he who has become the poster boy for the issue, it's worth reviewing some of these revelations.

PRISM (leaked June 2013)

PRISM went operational in 2007, operating under the supervision of the Foreign Intelligence Surveillance Act (FISA) Court. It's a system the NSA uses to gain access to the private communications of users of nine popular Internet service providers: Google, Facebook, PalTalk, AOL, Microsoft, Apple, Yahoo!, Skype, and YouTube. The government contends that PRISM cannot be used domestically without a FISA warrant, but the leaked Snowden document calls PRISM "the number one source of raw intelligence used for NSA analytic reports." FISA approval isn't exactly tough to get. The Electronic Privacy Information Center reports that in 2012, the court received 1,856 applications and rejected none. (One day before PRISM leaked came the revelation that the FISA Court had been ordering a subsidiary of telecommunications company Verizon Communications to turn over to the NSA logs tracking all of its customers' telephone calls on an ongoing daily basis.)

The named companies went ballistic over this, insisting that their hands are clean. A typical response from Google CEO Larry Page stated that "any suggestion that Google is disclosing information about our users' Internet activity on such a scale is completely false."

However, it's possible that a bit of legal game-playing is going on here. This is the leaked graphic about PRISM that caused all the fuss:



About it, the Washington Post wrote:

"This slide draws a distinction between NSA surveillance programs that collect communications 'as data flows past' on fiber optic cables and PRISM, which collects communications 'directly from the servers' of U.S. Internet companies.

"Some have interpreted this to mean that the NSA has 'direct access' in a technical sense: automatic, unfettered access to the servers' contents. But in context, 'direct' is more likely to mean that the NSA is receiving data sent to them deliberately by the tech companies, as opposed to intercepting communications as they’re transmitted to some other destination. That's not inconsistent with tech company lawyers scrutinizing each request before complying with it."

XKeyscore (leaked July 2013)

This is a computer system used by the NSA for searching and analyzing Internet data about foreign nationals across the world. The program is run jointly with other agencies, including Australia's Defence Signals Directorate and New Zealand's Government Communications Security Bureau. It detects the nationality of foreigners by analyzing the language used within intercepted emails.

XKeyscore takes certain types of raw metadata that the NSA has already collected using other methods, and processes it with arrays of Linux machines. The Linux processing nodes look for specific key content in these captured network sessions; there are specialized plugins to enable the mining of packets for phone numbers, email addresses, webmail and chat activity, and the full content of users' Web browser sessions. For selected traffic, XKeyscore can also generate a full replay of a network session between two Internet addresses.

But rather than dumping everything back to a central processor, each XKeyscore site keeps most of the data in local caches. According to the documents leaked by Snowden, those caches can hold approximately three days of raw packet data—full "logs" of Internet sessions. There's also a local database at the network tap sites that can keep up to 30 days of locally processed metadata.

Boundless Informant (declassified document leaked June 2013)

A Big Data analysis and data-visualization system used to give NSA managers summaries of the agency's worldwide data-collection activities. As explained in a Guardian article:

"By extracting information from every DNI and DNR metadata record, the tool is able to create a near realtime snapshot of GAO's collection capability at any given moment. The tool allows users to select a country on a map and view the metadata volume and select details about the collection against that country. The tool also allows users to view high level metrics by organization and then drill down to a more actionable level—down to the program and cover term."

"GAO" (Global Access Operations) is an NSA operational branch whose motto is "The mission never sleeps." "DNI" stands for "digital network intelligence," and "DNR" for "dial number recognition."

According to the XKeyscore slide show, "Boundless Informant is hosted entirely on corporate services and leverages FOSS technology (available to all NSA developers)." "FOSS" stands for "free and open-source software," and I guess this means it could be disseminated pretty widely.

Fairview (leaked June 2013)

A mass surveillance program aimed at collecting phone, Internet, and email data in bulk from the computers and mobile telephones of foreign countries' citizens. According to Snowden: "The NSA partners with a large US telecommunications company... [which] partners with telecoms in the foreign countries, [which] then allow the US company access to those countries' telecommunications systems, and that access is then exploited to direct traffic to the NSA's repositories."

Dropmire (leaked June 2013)

A program aimed at surveillance of foreign embassies and diplomatic staff, including those of NATO allies. The Guardian reported that at least 38 foreign embassies were under surveillance—some as far back as 2007. Diplomatic spying by the United States had been known at least since 2010, when it was revealed that US agencies had spied on UN chief Ban Ki-moon, but at the time, it was not known that this had been done as part of a systematic program.

Everyone Wants In

These five are among the most important programs, but they are only the tip of the proverbial iceberg. Many others had been catalogued before Snowden came along; one blogger in March 2012 compiled a list of code names for 97 NSA (and NSA-contractor) programs involved in all aspects of SIGINT collection, processing, analysis, dissemination, and storage.

Lest we forget, the NSA is hardly the only arm of the federal government in the domestic spying business. There's also the FBI and the military. (Because we can't know otherwise, we'll give a reluctant assent to the CIA's insistence that it is involved only overseas.) Almost certainly Homeland Security. Oh yeah, and the Drug Enforcement Administration (DEA).

For example, the FBI is spending $1 billion on its "Next Generation Identification" program. The program is designed to advance the Bureau's biometric identification services, providing an incremental replacement of its current integrated automated fingerprint-identification capabilities with a multimodal biometric database. To fingerprints will be added iris scans, palm prints, DNA data, and even tattoos, as well as facial images and facial recognition software that will enable identification of individuals from private-sector security camera records. Whether the goal is to create a database containing biometrics on every American is unknown at this time.

Just recently, it came out that the DEA has skin in the game, too. An August Reuters article based on leaked documents revealed that the agency is "funneling information from intelligence intercepts, wiretaps, informants and a massive database of telephone records to authorities across the nation to help them launch criminal investigations of Americans."

For the record, the DEA is supposed to be hunting common criminals, not terrorists. But hey, who's counting at this point?

More interesting would be from whom it's getting those intercepts, etc. That's still classified. Furthermore, Reuters states that the documents show that "law enforcement agents have been directed to conceal how such investigations truly begin—not only from defense lawyers but also sometimes from prosecutors and judges," and that "federal agents are trained to 'recreate' the investigative trail to effectively cover up where the information originated, a practice that some experts say violates a defendant's Constitutional right to a fair trial." Not to mention that it would constitute a unique situation in law enforcement.

However, we can make some wild guesses as to the source of the info. The unit of the DEA that distributes the information is called the Special Operations Division, or SOD. Two dozen partner agencies comprise the unit, including the FBI, CIA, Internal Revenue Service, and the Department of Homeland Security. And, oops, I almost forgot—the NSA.

The military, through the Defense Advanced Research Projects Agency (DARPA), has a large number of projects under way, focusing on algorithmic improvement, espionage, surveillance, natural speech recognition, and video and image retrieval systems.

Among that last group is something called the "Video and Image Retrieval and Analysis Tool" (VIRAT). It aims to develop a system to provide military imagery analysts with the capability to exploit the vast amount of overhead video content being collected. If successful, VIRAT will enable analysts to establish alerts for activities and events of interest as they occur. VIRAT also seeks to develop tools that would enable analysts to rapidly retrieve—with high precision and recall—video content from extremely large video libraries.

This one is of particular interest, because it is probably critical to the success of "Argus," a new 1.8-gigapixel camera meant to be deployed on drones. Argus merges information from 368 separate image chips and can surveil a medium-sized city with a resolution of six inches from 17,000 feet in the air. It creates a library, enabling the drone operator to "go back in time" to home in on a particular event in a specific time or place. And perhaps most significant, it can also pinpoint and automatically track anything that is moving within its field of vision. That means if you're running or driving your car, it can zero in and follow you in real time. Though civilian applications are evident, the government is mum on whether there are any plans to deploy Argus domestically.

Panopticon Arrives

In that blogger's list referred to earlier, there appears a particularly spooky term: "Panopticon." Whether the NSA actually has a program with that code name has yet to be definitively documented, but the overall combined effect of its (and other government agencies') efforts is eerily Panopticon-like. That is one of the few aspects of the Snowden-leak story that has been underreported.

English philosopher and social theorist Jeremy Bentham first posited the idea of the Panopticon in the late 18th century. It was an architectural concept for a prison with cells arranged in a circle around a central tower where the guards—who couldn't be seen by inmates—had direct visual access to every cell. The idea was to instill in the prisoners' minds the notion that, since they could never know when they were being surveilled, they would have to assume that they always were.

French philosopher Michel Foucault described how insidious and clever this was. It would serve "to induce in the inmate a state of conscious and permanent visibility that assures the automatic functioning of power. So to arrange things that the surveillance is permanent in its effects, even if it is discontinuous in its action; that the perfection of power should tend to render its actual exercise unnecessary; that this architectural apparatus should be a machine for creating and sustaining a power relation independent of the person who exercises it; in short, that the inmates should be caught up in a power situation of which they are themselves the bearers."

How's that sound as a metaphor for the modern state?

Inducing a condition of perpetual paranoia in the population may seem like an extreme measure, and it is certainly counterproductive for a society, as the KGB and Stasi should have demonstrated for us quite convincingly. Nevertheless, as Foucault correctly argued, that is the inevitable result of a surveillance that is perceived to be all-encompassing. Repeat the word one more time: Inevitable.

Given the extent of what's now going on in the US, it's impossible to duck the question of government intentionality.

Yet the problem goes even deeper than that. The Roman poet Juvenal nailed the concomitant danger nearly 2,000 years ago when he asked: Quis custodiet ipsos custodes? Or, as we tend to loosely translate it these days: Who will watch the Watchmen?

Faced with all of this, the ordinary citizen may feel helpless. But one positive development from all the recent revelations about government surveillance is that a lot of people are questioning whether we've lost the allegiance to individual liberty on which the nation was founded, and are beginning to speak out that it's time to get it back. That quaint notion is in for a long-overdue rebirth, which we may yet get.

In the meantime, there are things that can be done to enhance individual privacy, which we've covered in past issues of Casey Extraordinary Technology. In addition, there are profits to be made from companies specializing in data security. Identifying them early and getting a jump on the crowd allowed us to make 102% with Fortinet and 46% in just one week with ArcSight. As always, we'll be on the