(x-posted from TexasKAOS, where we're taking Texas back!)
CNet is reporting that some disturbing information about the NSA's data collection techniques was revealed at last Friday's "Search & Seizure in the Digital Age" symposium at Stanford.
Paul Ohm, a former employee of the Justice Department who worked in their Computer Crime and Intellectual Property division, explained how data-gathering has changed since the federal government abandoned its Carnivore program a few years ago. While Carnivore was set up to only collect data which matched certain filters, the full pipe technique (aka "the vacuum cleaner method") is highly invasive and puts our privacy rights at risk:
"What they're doing is even worse than Carnivore," said Kevin Bankston, a staff attorney at the Electronic Frontier Foundation who attended the Stanford event. "What they're doing is intercepting everyone and then choosing their targets."
Carnivore was actually part of a software suite called "DragonWare", which was composed of three programs. Carnivore could "monitor all of a target user's Internet traffic", capture it, then store the data in raw packets. A program called Packeteer processed the raw data, then a program called Cool Miner was used to "display and organize the intercepted data" (source). When completed, the NSA could then duplicate exactly what a user was doing on the internet, from reading email to viewing web pages accessed by targets.
Carnivore was basically a packet sniffer on steroids. Packet sniffers have been around for ages; they're used by both IT professionals like myself and malicious hackers. I suppose that like most tools, it can be used for good or evil. Here's a visual representation of how Carnivore works:
I am hesitant to speculate on exactly how the NSA is employing the vacuum cleaner technique, but I am going to anyway because I have a technical background and privacy is one of my main concerns. I strongly suspect this is part of the illegal domestic wiretapping program reported in the New York Times in 2005. As we all know, Bush signed an executive order allowing our spy agencies to ignore FISA and spy on Americans without a warrant. When the NYT broke the story, privacy advocates warned that innocent Americans would be caught up in the net. The Bushies brushed off that concern and tried to reframe the scandal as a "terrorist surveillance program". With these latest revelations, we can be almost certain that innocent Americans are being targeted by the NSA's full pipe surveillance.
While I have no proof of this, I suspect that the NSA could be using its ECHELON system to carry out this surveillance. That's pure speculation right there, admittedly. However, if ECHELON is not being used, there is still solid evidence that indicates that the hardware necessary to carry out this spying is already in place.
This should explain why I suspect this is part of the illegal domestic spying program. In April of 2006, a former AT&T employee stepped forward as a whistleblower. Mark Klein provided internal AT&T documents establishing the existence of a secret surveillance room in the SBC building at 611 Folsom Street in San Francisco. Klein provided all sorts of information, including network maps, build documents, and work orders related to the construction of the room. Klein was mainly concerned that these documents provided evidence that the federal government was setting up their Total Information Awareness program. They clearly showed that AT&T's network traffic was routed to a room containing a Narus STA 6400 (a real-time spying device). To the technically inclined such as myself, those documents were scary as hell.
According to evidence provided by Klein, by January of 2003 AT&T split all of their existing WorldNet circuits into the secret room. In February of 2003, they split their peering partners' circuits into the room. Those peering partners included ConXion, Verio, XO, Genuity, Qwest, PAIX, Allegiance, AboveNet, Global Crossing, C&W, UUNET, Level 3, Sprint, Telia, PSINet and MAE-West. Put simply, almost all American public internet traffic travels over one of those networks. Klein's documents also revealed that all new AT&T circuits were to be split through the surveillance room.
You'll notice a graphic representation of a peering point to the left. The four clouds represent four separate networks, and the circle in the middle (the peering point) represents where the networks physically meet and pass traffic to each other. Basically, what AT&T did was stick a Narus right in the middle of that little circle.
While the federal government claims that TIA never got off the ground, Congress did not cut off all funding. In fact, several components of TIA are still being funded, and many privacy advocates believe that these components are being used to install more surveillance rooms at internet backbone peering points across the nation. The AT&T documents provided by Klein allude to installations at other facilities.
It seems to me that the evidence provided by Klein indicates that the hardware for TIA did indeed get funded and deployed. And Ohm's statement in Stanford indicates that the federal government is sweeping up all sorts of communications, including email, voice traffic, voice over IP, ftp, and http (web browsing). This is exactly what the Narus device is intended to do: sweep everything up like a vacuum cleaner. And the idea of "sweep first, filter later" does not provide for the appropriate protections guaranteed by the 4th Amendment.
It will be interesting to see how our spy agencies and the federal government react to Ohm's statement over the next few days.
Let me be clear: data mining and surveillance are good things in some cases. But since we have the technology to zero in on suspected surveillance targets, I see no reason to capture and store the data on regular, everyday, non-suspect internet users. And seeing as this program is being controlled at the behest of the Bush Administration - who've already shown a great disregard for the US Constitution - I strongly suspect that the program is being abused. Unless Congress is willing to exercise some oversight in this case, we may have to wait for the next Mark Klein to step forward before we know the full extent of the damage.
note: eyeball image courtesy of eyeball online